Two critical vulnerabilities in the AI code editor Cursor, tracked as CVE-2026-50548 and CVE-2026-50549 with a CVSS score of 9.8, can lead to remote code execution (RCE) on the underlying operating system. The first lets the sandbox's security boundary be bypassed through the non-default _working_directory parameter, which allows an attacker to set the working directory to an unauthorized path.
The second flaw enables exploitation through symbolic links, allowing attackers to create symlinks that mislead Cursor's path resolution process. Both vulnerabilities were reported in February and patched in Cursor 3.0, released on April 2.
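Both flaws come down to the same defender-side question: is the working directory the sandbox ends up in really inside the allowed root once an explicit parameter and any symlinks are taken into account? The check below is an added illustration, not Cursor's code; the `resolve_working_directory` function, the sandbox layout and the directory names are constructed for this example. It canonicalises the path (following symlinks and collapsing `..`) before testing containment, which is what defeats both a hostile working-directory value and a symlink whose target lies outside the root.

```python
import tempfile
from pathlib import Path


def resolve_working_directory(sandbox_root, requested=None) -> Path:
    """Return a canonical working directory guaranteed to lie inside sandbox_root.

    None selects the default (the root itself); relative paths are joined to the
    root; symlinks are resolved *before* the containment test, so a link inside
    the root whose target is outside it is rejected instead of followed.
    """
    root = Path(sandbox_root).resolve(strict=True)
    if requested is None:
        return root
    candidate = Path(requested)
    if not candidate.is_absolute():
        candidate = root / candidate
    # resolve() follows every symlink component and collapses '..'; the check is
    # made on this canonical form, never on the caller-supplied string.
    real = candidate.resolve(strict=True)
    if real != root and root not in real.parents:
        raise PermissionError(f"{requested!r} resolves to {real}, outside {root}")
    return real


def demo() -> dict:
    """Exercise the check on a constructed layout in a fresh temp directory:
    <tmp>/sandbox/project/ (allowed root plus a subdirectory), <tmp>/outside/
    (must stay unreachable) and a symlink sandbox/project/escape -> <tmp>/outside.
    """
    base = Path(tempfile.mkdtemp())
    root = base / "sandbox"
    (root / "project").mkdir(parents=True)
    (base / "outside").mkdir()
    (root / "project" / "escape").symlink_to(base / "outside", target_is_directory=True)

    def attempt(requested):
        try:
            resolve_working_directory(root, requested)
            return "allowed"
        except PermissionError:
            return "rejected"

    return {
        "default": attempt(None),                            # allowed
        "relative_inside": attempt("project"),               # allowed
        "absolute_outside": attempt(str(base / "outside")),  # rejected
        "dotdot_escape": attempt("project/../../outside"),   # rejected
        "symlink_escape": attempt("project/escape"),         # rejected
    }
```

Note that a naive string-prefix comparison on the requested path would accept `project/escape` and `project/../../outside`, since both start with the root; only the canonical form reveals where they actually land.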