Cursor AI Vulnerability Exposed Developer Devices

A vulnerability in Cursor AI, an AI-powered code editor, allowed attackers to chain an indirect prompt injection with a sandbox bypass and the tool’s remote tunnel feature to gain shell access to developer devices. The flaw exposed machines by exploiting the interaction between these components without requiring direct user interaction. No specific CVE ID, dates, or affected version numbers were disclosed in the report. The impact included unauthorized access to developer systems, though the exact scale of exploitation remains unclear. The issue highlights risks in AI-assisted development tools with remote connectivity features.