Horizon Alert
Summary of the vulnerability and why it matters
This advisory addresses a critical security flaw in Cursor, a code editor that integrates AI features. A vulnerability exists where a malicious agent within the editor could manipulate its sandboxing mechanism to execute arbitrary code on the user's machine without requiring any user interaction beyond a standard prompt. This could allow an attacker to gain control of the user's system, bypassing intended security measures.
- Code editor can be tricked into running dangerous commands.
- It allows remote code execution with no user interaction.
- Confirm if Cursor is used and assess potential exposure.
Attack Path
How an attacker could exploit the issue
An attacker could exploit this vulnerability by tricking a user into running a malicious agent command within the Cursor code editor. This command, by manipulating a parameter, could trick the editor's sandbox into allowing arbitrary file writes outside the intended workspace, ultimately enabling the attacker to execute code on the user's system without further interaction.
- Requires a user to run agent commands.
- Malicious agent modifies working directory.
- Leads to unsandboxed remote code execution.
Live Threat
Current exploitation, exposure, and threat context
When supported by the advisory, a malicious agent within Cursor could manipulate the sandbox to write arbitrary files outside the intended workspace. This could lead to the execution of non-sandboxed commands with the user's privileges, potentially enabling remote code execution without further user interaction beyond an initial prompt.
- User-controlled code execution.
- Arbitrary file writes outside workspace.
- Unsandboxed command execution.
Operational Fix
Recommended remediation, mitigation, and detection steps
This vulnerability impacts users of the Cursor code editor, specifically concerning how agent terminal commands are handled. The first practical step is for users to identify their Cursor installation, confirm its reachability and business criticality, and then coordinate with the application or platform owner to plan for the update to version 3.0 or later.
- Cursor application and platform owners.
- Verify Cursor installation and version.
- Update to Cursor version 3.0 or later.