importantSYS.SOURCE: The Hacker News• 2026-07-01T20:12:54+05:30
Prompt Injection Vulnerabilities in AI Code Editors Lead to Sandbox Escape and Command Execution
#Prompt Injection#Sandbox Escape#AI Vulnerabilities#Code Editor Security
Two critical flaws in the Cursor AI code editor, named DuneSlide, allow a single prompt injection to bypass security sandboxes and execute arbitrary commands on the developer's machine. These vulnerabilities stem from flaws in how the AI agent interacts with system paths and safety checks, potentially leading to full system control.
Two flaws in Cursor, an AI code editor, could let a single, ordinary-looking prompt break out of the editor's safety sandbox and run any command on a developer's computer. There is no click to fall for and no approval box to ignore.
Cato AI Labs found the pair and named them DuneSlide. They are tracked as CVE-2026-50548 and CVE-2026-50549, both rated 9.8 out of 10 (or 9.3
*** END OF TRANSMISSION ***