Cursor Code Editor versions before 2.5 allow malicious Git commands
CVE-2026-26268
Summary
Versions of Cursor Code Editor before 2.5 had a security weakness that let a malicious agent (for example, one steered by prompt injection) escape the editor's sandbox and run code outside it. The agent could write to improperly protected .git settings, including Git hooks, which Git then executes automatically the next time they are triggered, with no user interaction. Upgrading to version 2.5 or later fixes this issue.
What to do
Upgrade Cursor to version 2.5 or later, which fixes this issue.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| anysphere | cursor | <= 2.5 | – |
Original title
Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (i.e. prompt injection) could write to im...
Original description
Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (i.e. prompt injection) could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE the next time they are triggered. No user interaction was required as Git executes these commands automatically. Fixed in version 2.5.
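A defensive check for the condition described above, added here as an example and not taken from the advisory or from Cursor's fix: it lists the active hooks and the command-running configuration keys found in a repository's .git directory without invoking Git. The key list is the editor's own selection, the function names audit_git_dir and demo are hypothetical, and POSIX executable bits are assumed.

```python
import os, re, stat, tempfile
# Keys whose values Git executes or loads (editor's selection, not exhaustive).
EXEC_KEYS = re.compile(
    r"^(core\.(fsmonitor|sshcommand|hookspath|pager|editor|askpass)"
    r"|diff\.external|diff\..+\.(textconv|command)|merge\..+\.driver"
    r"|filter\..+\.(clean|smudge|process)|credential(\..+)?\.helper"
    r"|gpg\.program|sequence\.editor|include\.path|includeif\..+\.path)$")
SECTION = re.compile(r'^\[\s*([\w.-]+)(?:\s+"(.*)")?\s*\]')

def audit_git_dir(git_dir):
    """Return sorted findings: active hooks and command-running config keys."""
    findings = []
    hooks = os.path.join(git_dir, "hooks")
    for name in os.listdir(hooks) if os.path.isdir(hooks) else []:
        path = os.path.join(hooks, name)
        # On POSIX, Git runs only executable hooks; *.sample files are inert.
        if name.endswith(".sample") or not os.path.isfile(path):
            continue
        if os.stat(path).st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
            findings.append(f"hook:{name}")
    cfg, section = os.path.join(git_dir, "config"), ""
    if os.path.isfile(cfg):
        with open(cfg, encoding="utf-8", errors="replace") as fh:
            for line in map(str.strip, fh):
                m = SECTION.match(line)
                if m:  # [section] or [section "subsection"]; a key may follow
                    sub = f".{m.group(2)}" if m.group(2) else ""
                    section, line = m.group(1).lower() + sub, line[m.end():].strip()
                if not line or line[0] in "#;" or not section:
                    continue
                key = f"{section}.{line.split('=', 1)[0].strip().lower()}"
                if EXEC_KEYS.match(key):
                    findings.append(f"config:{key}")
    return sorted(findings)

def demo():
    """Audit a constructed .git directory (sample data, not from a real repo)."""
    with tempfile.TemporaryDirectory() as d:
        os.makedirs(os.path.join(d, "hooks"))
        for name, mode in (("pre-commit", 0o755), ("pre-push.sample", 0o755),
                           ("post-merge", 0o644)):
            path = os.path.join(d, "hooks", name)
            with open(path, "w") as fh:
                fh.write("#!/bin/sh\nexit 0\n")
            os.chmod(path, mode)
        with open(os.path.join(d, "config"), "w") as fh:
            fh.write('[core]\n\tbare = false\n\tfsmonitor = ./tool\n'
                     '[filter "x"]\n\tsmudge = cat\n[user]\n\tname = a\n')
        return audit_git_dir(d)
```

A finding is a prompt to review the file, not proof of compromise: legitimate tooling also installs hooks and sets keys such as credential.helper.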
NVD CVSS 3.1
9.9
Vulnerability type
CWE-862
Missing Authorization
Published: 13 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026