Cursor Code Editor Arbitrary Code Execution Vulnerability via Prompt Injection and Whitelist Bypass
Vulnerability
A vulnerability in the Cursor code editor, prior to version 2.0, allows for arbitrary code execution through indirect prompt injections. When a user visits a website with malicious instructions, the model may inadvertently follow them to assist the user. If this is combined with a bypass of the command whitelist, it could lead to commands being executed automatically, without the user's explicit consent. This poses a significant security risk, especially for users interacting with untrusted websites via the Cursor Agent.
Impact
Exploitation of this vulnerability allows for arbitrary command execution on a user's system through the Cursor Agent, even with Auto-Run Mode set to 'Use AllowList.' By delivering malicious prompt-injection content and circumventing the whitelist check, an attacker can execute commands without user approval, potentially compromising the system.
Remediation
Users can upgrade to Cursor version 2.0 or later to address this vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.