Cursor Code Editor: Malicious Website Instructions Can Execute Commands

CVE-2026-31854
Summary

The Cursor code editor's AI model may follow malicious instructions embedded in a website, potentially executing unintended commands when the user visits a malicious or compromised site. This can happen if the editor's security settings are not properly configured. Update to version 2.0 to fix this issue.

Original title
Cursor is a code editor built for programming with AI. Prior to 2.0, if a visited website contains maliciously crafted instructions, the model may attempt to follow them in order to “assist” the us...
Original description
Cursor is a code editor built for programming with AI. Prior to 2.0, if a visited website contains maliciously crafted instructions, the model may attempt to follow them in order to “assist” the user. When combined with a bypass of the command whitelist mechanism, such indirect prompt injections could result in commands being executed automatically, without the user’s explicit intent, thereby posing a significant security risk. This vulnerability is fixed in 2.0.
NVD CVSS 4.0 score: 8.7
Vulnerability type
CWE-78 OS Command Injection
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026