CVE-2026-26268
Published 2026-02-13
Priority: P2 · 60 · critical · CVSS 3.1: 9.9
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.49% (38.4th percentile)
Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (i.e. prompt injection) could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time they are triggered. No user interaction was required as Git executes these commands automatically. Fixed in version 2.5.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| anysphere | cursor | < 2.5 | 2.5 |
| cursor | cursor | < 2.5 | 2.5 |
Detection & IOCs (extracted from sources)
- Monitor for creation or modification of Git hook files (e.g., post-checkout, pre-commit) inside nested or bare repositories (.git directories) within project workspaces, especially when triggered by an AI agent process such as Cursor.
- Alert on AGENTS.md files present in cloned repositories that contain instructions to navigate into bare/nested repositories and execute git operations; this is the delivery mechanism for the prompt injection attack chain.
- Detect post-checkout or pre-commit Git hook execution spawned as a child process of the Cursor IDE process, particularly when the hook resides inside a nested bare repository rather than the top-level .git directory.
- The attack requires no user interaction beyond opening the repository and issuing a routine prompt; detection should focus on process lineage: Cursor IDE → git → hook script execution.
- The vulnerability is fixed in Cursor version 2.5; any deployment running versions prior to 2.5 is vulnerable. Upgrade is the primary mitigation.
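A workspace scan for the first indicator above, as an added example (not code from Cursor or from any of the cited sources): it lists every non-sample hook file in any Git directory under a project root and marks those that sit in a nested or bare repository. The fixture path `vendor/tools.git` is constructed, and the bare-repository check is a layout heuristic (a Git directory not named `.git`).

```python
import os
import tempfile
from pathlib import Path

def is_git_dir(path):
    # A git directory (".git" or a bare repository) holds HEAD, objects/ and refs/.
    return (path / "HEAD").is_file() and all((path / d).is_dir() for d in ("objects", "refs"))

def find_active_hooks(workspace):
    """List every non-sample hook file in any git directory under workspace."""
    workspace = Path(workspace).resolve()
    findings = []
    for root, dirs, _files in os.walk(workspace):
        root = Path(root)
        if not is_git_dir(root):
            continue
        dirs[:] = []  # stop here: do not walk objects/, refs/ and so on
        hooks_dir = root / "hooks"
        if not hooks_dir.is_dir():
            continue
        for hook in sorted(hooks_dir.iterdir()):
            if hook.is_file() and hook.suffix != ".sample":
                findings.append({
                    "hook": hook.name,
                    "git_dir": root.relative_to(workspace).as_posix(),
                    "bare": root.name != ".git",           # heuristic: bare layout
                    "nested": root != workspace / ".git",  # not the top-level repo
                    "executable": os.access(hook, os.X_OK),
                })
    return findings

def make_git_dir(path, hooks):
    # Constructed fixture: just enough layout for is_git_dir(), not a real repository.
    for sub in ("objects", "refs", "hooks"):
        (path / sub).mkdir(parents=True)
    (path / "HEAD").write_text("ref: refs/heads/main\n")
    for name in hooks:
        hook = path / "hooks" / name
        hook.write_text("#!/bin/sh\nexit 0\n")
        hook.chmod(0o755)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        ws = Path(tmp)
        make_git_dir(ws / ".git", ["pre-commit.sample"])            # stock sample only
        make_git_dir(ws / "vendor" / "tools.git", ["post-checkout"])  # nested bare repo
        return find_active_hooks(ws)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Run against a real checkout, a finding with `nested` or `bare` set is the case the bullets above ask to review; the scan does not cover submodule Git directories under `.git/modules`.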
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
Checkpoint
4th May – Threat Intelligence Report
blogs_checkpoint·2026-05-04·CVSS 9.9
CVE-2026-26268 [CRITICAL] 4th May – Threat Intelligence Report
## 4th May – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 4th May, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Medtronic, a global medical device maker, has disclosed a cyberattack on its corporate IT systems. An unauthorized party accessed data, while the company reported no impact on products, operations, or financial systems. Threat group ShinyHunters claimed the theft of 9 million records, and Medtronic is evaluating what data was expose
Hackernews
⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
blogs_hackernews·2026-05-04·CVSS 9.3
CVE-2026-41940 [CRITICAL] ⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
## ⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
This week, the shadows moved faster than the patches.
While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent delivery systems.
The game has shifted from breach to occupation. They’re living inside SaaS sessions, pushing code with trusted commits, and scaling operations like legitimate businesses — except their product is chaos. And the underground is getting uncomfortably professional.
Here’s the full week
Hackernews
Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution
blogs_hackernews·2026-04-30
CVE-2026-26268 Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution
## Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution
Google has addressed a maximum severity security flaw in Gemini CLI -- the "@google/gemini-cli" npm package and the "google-github-actions/run-gemini-cli" GitHub Actions workflow -- that could have allowed attackers to execute arbitrary commands on host systems.
"The vulnerability allowed an unprivileged external attacker to force their own malicious content to load as Gemini configuration," Novee Security said in a Wednesday report. "This triggered command execution directly on the host system, bypassing security before the agent’s sandbox even in
Wiz
CVE-2026-26268 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.0
CVE-2026-26268 [HIGH] CVE-2026-26268 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-26268: NixOS vulnerability analysis and mitigation
Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (i.e. prompt injection) could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time they are triggered. No user interaction was required as Git executes these commands automatically. Fixed in version 2.5.
Source: NVD

| Field | Value |
|---|---|
| Score | 9.9 |
| Published | February 13, 2026 (2026-02-13) |
| Severity | CRITICAL |
| CNA Score | 8.0 |
| Affected Technologies | NixOS, Homebrew |
| Has Public Exploit | No |
| Has CISA KEV Exploit | No |
| CISA KEV Release Date | N/A |
| CISA KEV Due Date | N/A |
| Exploitation Probability Percentile (EPSS) | 12.7 |
| Exploitation Probability (EPSS) | N/ |