CVE-2026-50548

Cursor · Cursor

A sandbox escape vulnerability in the Cursor AI code editor allows malicious agents to write arbitrary files outside the workspace, leading to non-sandboxed Remote Code Execution.

Executive summary

The Cursor AI code editor is vulnerable to a sandbox escape that permits arbitrary file writes and Remote Code Execution under the user's privileges.

Vulnerability

This is a sandbox escape vulnerability in which the agent's working_directory parameter is improperly validated, allowing the agent to break out of the restricted sandbox environment. The vulnerability is exploitable by a malicious AI agent with no user interaction beyond an initial prompt.

Business impact

Successful exploitation of this vulnerability allows an attacker to execute arbitrary code with the full privileges of the user running the Cursor editor. Given the CVSS score of 9.3, the impact is critical, as it facilitates complete system compromise, potential lateral movement within the development environment, and the exfiltration of sensitive source code or credentials.

Remediation

Immediate Action: Upgrade the Cursor application to version 3.0 or later to apply the necessary sandbox boundary constraints.

Proactive Monitoring: Monitor terminal output and file system logs for unexpected write operations occurring outside of established project directories.

Compensating Controls: Limit the permissions of the user account running the Cursor application to the minimum necessary to perform development tasks to reduce the impact of a potential sandbox breakout.
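
For the proactive-monitoring step above, this added example (not from the advisory or from Cursor) shows one way to flag agent writes that land outside established project directories. The pipe-separated log format, the process name editor-agent and all paths are constructed assumptions; paths are resolved lexically, so symlinks are not followed.

```python
import posixpath

# Constructed sample of file-write audit records (hypothetical format):
# timestamp|process|cwd|target path
SAMPLE_LOG = """\
2026-01-01T10:00:01Z|editor-agent|/home/dev/project|src/main.py
2026-01-01T10:00:02Z|editor-agent|/home/dev/project|../project-backup/notes.txt
2026-01-01T10:00:03Z|editor-agent|/home/dev/project/src|../../notes.txt
2026-01-01T10:00:04Z|editor-agent|/home/dev|project/README.md
2026-01-01T10:00:05Z|editor-agent|/home/dev/project|/tmp/build.log
2026-01-01T10:00:06Z|git|/home/dev/project|/home/dev/other/config
"""


def resolve_target(cwd, path):
    """Resolve a logged path against the process cwd, collapsing '..' segments."""
    # posixpath.join discards cwd when path is absolute, matching OS behaviour.
    return posixpath.normpath(posixpath.join(cwd, path))


def is_inside(path, root):
    """True if path is root itself or below it (compared on whole path components)."""
    root = posixpath.normpath(root)
    # Appending '/' stops /home/dev/project-backup from matching /home/dev/project.
    return path == root or path.startswith(root.rstrip("/") + "/")


def writes_outside_workspace(log_text, allowed_roots, watched=("editor-agent",)):
    """Return (timestamp, process, resolved_path) for watched writes outside all roots."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        parts = line.split("|")
        if len(parts) != 4:
            # Never drop unparsable records silently in a detection pipeline.
            findings.append(("?", "unparsed", line))
            continue
        ts, proc, cwd, path = parts
        if proc not in watched:
            continue
        target = resolve_target(cwd, path)
        if not any(is_inside(target, root) for root in allowed_roots):
            findings.append((ts, proc, target))
    return findings


if __name__ == "__main__":
    for finding in writes_outside_workspace(SAMPLE_LOG, ["/home/dev/project"]):
        print("write outside workspace:", finding)
```
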

Exploitation status

Public Exploit Available: No

Analyst recommendation

This vulnerability represents a significant risk to the integrity of development environments. Users and organizations utilizing Cursor should prioritize upgrading to version 3.0 immediately to remediate the sandbox escape flaw and prevent unauthorized remote code execution.