Every CVE whose affected-product data names Anysphere Cursor, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (21)
CVE-2026-22708 — CVSS 9.8 (critical): Cursor is a code editor built for programming with AI. Prior to 2.3, hen the Cursor Agent is running in Auto-Run Mode with Allowlist mode…
CVE-2026-50549 — CVSS 9.8 (critical): Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default. Before a…
CVE-2026-50548 — CVSS 9.8 (critical): Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default, and the…
CVE-2025-54133 — CVSS 9.6 (critical): Cursor is a code editor built for programming with AI. In versions 1.17 through 1.2, there is a UI information disclosure vulnerability in…
CVE-2025-61592 — CVSS 8.8 (high): Cursor is a code editor built for programming with AI. In versions 1.7 and below, automatic loading of project-specific CLI configuration…
CVE-2025-61591 — CVSS 8.8 (high): Cursor is a code editor built for programming with AI. In versions 1.7 and below, when MCP uses OAuth authentication with an untrusted MCP…
CVE-2025-64106 — CVSS 8.8 (high): Cursor is a code editor built for programming with AI. In versions 1.7.28 and below, an input validation flaw in Cursor's MCP server…
CVE-2025-64107 — CVSS 8.8 (high): Cursor is a code editor built for programming with AI. In versions 1.7.52 and below, manipulating internal settings may lead to RCE. Cursor…
CVE-2025-64108 — CVSS 8.8 (high): Cursor is a code editor built for programming with AI. In versions 1.7.44 and below, various NTFS path quirks allow a prompt injection…
CVE-2026-31854 — CVSS 8.8 (high): Cursor is a code editor built for programming with AI. Prior to 2.0 ,if a visited website contains maliciously crafted instructions, the…
CVE-2025-54135 — CVSS 8.5 (high): Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions below…
CVE-2025-59944 — CVSS 8.0 (high): Cursor is a code editor built for programming with AI. Versions 1.6.23 and below contain case-sensitive checks in the way Cursor IDE…
CVE-2026-26268 — CVSS 8.0 (high): Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5…
CVE-2025-64110 — CVSS 7.5 (high): Cursor is a code editor built for programming with AI. In versions 1.7.23 and below, a logic bug allows a malicious agent to read sensitive…
CVE-2025-54130 — CVSS 7.5 (high): Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions less than…
CVE-2025-61590 — CVSS 7.5 (high): Cursor is a code editor built for programming with AI. Versions 1.6 and below are vulnerable to Remote Code Execution (RCE) attacks through…
CVE-2025-54136 — CVSS 7.2 (high): Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and persistent code…
CVE-2025-61593 — CVSS 7.1 (high): Cursor is a code editor built for programming with AI. In versions 1.7 and below, a vulnerability in the way Cursor CLI Agent protects its…
CVE-2025-54131 — CVSS 6.4 (medium): Cursor is a code editor built for programming with AI. In versions below 1.3, an attacker can bypass the allow list in auto-run mode with a…
CVE-2025-61589 — CVSS 5.9 (medium): Cursor is a code editor built for programming with AI. In versions 1.6 and below, Mermaid (a to render diagrams) allows embedding images…
CVE-2025-54132 — CVSS 4.4 (medium): Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid (which is used to render diagrams) allows embedding…