Skills
NomShub Attack Chain: Indirect Prompt Injection + Sandbox Breakout in Cursor Achieves Persistent Remote Shell Access via Built-In Tunnel
Security researchers at Straiker disclosed NomShub, a vulnerability chain in Cursor where indirect prompt injection in a malicious repository triggers a sandbox escape through Cursor's command parser, then leverages the editor's built-in remote tunnel feature to establish persistent, authenticated shell access to the victim's machine. Simply opening a crafted repo is sufficient for exploitation. This demonstrates that IDE-integrated AI agents with tunnel capabilities create attack surfaces that didn't exist in traditional development environments.
Source
↳ Follow the thread