CVE-2026-31854 — OS Command Injection in Cursor

CWE-78 — OS Command Injection2 documents2 sources

Severity

8.7HIGHNVD

EPSS

0.1%

top 84.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cursor Anysphere Cursor

Timeline

PublishedMar 11

Description

Cursor is a code editor built for programming with AI. Prior to 2.0 ,if a visited website contains maliciously crafted instructions, the model may attempt to follow them in order to “assist” the user. When combined with a bypass of the command whitelist mechanism, such indirect prompt injections could result in commands being executed automatically, without the user’s explicit intent, thereby posing a significant security risk. This vulnerability is fixed in 2.0.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5cursor/cursor< 2.0

▶NVDanysphere/cursor< 2.0

🕵️Threat Intelligence

Wiz

CVE-2026-31854 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶