#3
SecurityWeek
general
July 03, 2026 at 07:57 UTC
Critical Cursor AI Code Editor Flaws Could Lead to OS-Level Remote Code Execution
By Ionut Arghire
AI Summary
A set of critical vulnerabilities dubbed DuneSlide in the Cursor AI code editor enable zero-click prompt injection attacks that escape the application's sandbox and achieve OS-level remote code execution. Given Cursor's growing adoption among developers, these flaws pose supply-chain-adjacent risks where malicious code or untrusted prompts in a developer's workflow could fully compromise the host machine.
Relevance score: 84.0/100
Sponsored
Protect Your Business
Expert cybersecurity solutions to safeguard your organization from evolving threats.
Get Protected →