CVE-2026-22708
CRIT 9.8
Cursor is a code editor built for programming with AI. Prior to 2.3, when the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without requiring user approval.
This allows an attacker via indirect or direct prompt injection to poison the shell environment by setting, modifying, or removing environment variables that influence trusted commands. This vulnerability is fixed in 2.3.
Affected Applications in Environment: 18
Cursor v0.48.9: 1 device
Cursor v2.6.14 (2.4.37): 2 devices
Cursor v2.2.43: 1 device
Cursor v2.5.20 (2.4.21): 2 devices
Cursor v2.5.26 (2.5.17): 3 devices
Cursor v1.4.3: 1 device
Cursor v3.0.9 (2.3.35): 1 device
Cursor v2.6.18 (2.6.12): 4 devices
Cursor: 1 device
Cursor v2.0.43: 1 device
Cursor v2.0.69: 1 device
Cursor v2.0.73: 1 device
Cursor v2.6.11 (2.5.26): 3 devices
Cursor v1.7.46: 1 device
Cursor v1.7.44: 2 devices
Cursor v0.44.11 (241206z7j6me2e2): 1 device
Cursor v2.6.20 (2.2.20): 1 device
Cursor v2.4.31 (2.3.41): 1 device
Affected Devices: 20
A02431789-Y45D2V9TXH (Mac)
DESKTOP-E1QVB6E (Windows)
DPCPD-8N0184227 (Windows)
DPINFT-MJ0CFS1F (Windows)
F-16 (Mac)
Kotaro (Mac)
RobertsMacbookPro.local (Mac)
SPER-5CD1529JSR (Windows)
USULOAN446 (Windows)
a00015523-HL9P9L0MC7 (Mac)
a00288946-C02ZPYXBMD6N (Mac)
a00288946-F6VM65M2H3 (Mac)
a00983376-G09J49PM70 (Mac)
a01621681-C02FP14GMD6T (Mac)
a02304617-PQJMWR7W2M (Mac)
a02324477-RR73X1VHHP (Mac)
a02376833-F44QRWP393 (Mac)
a02462004-FVKH5QCYT2 (Mac)
adamthomas-H73N967GM2 (Mac)
zsolt_ugray's MacBook Air-L6XRV629N4 (Mac)