Agents
CVE-2026-26268: Cursor IDE Sandbox Escape via Embedded Git Hook RCE (CVSS 8.1)
Novee Security disclosed a high-severity vulnerability in Cursor IDE where a malicious bare repository embedded inside a legitimate repo triggers a pre-commit hook when Cursor's AI agent runs git checkout — executing arbitrary code without user awareness or approval. Unlike traditional IDEs, Cursor's agent autonomously runs Git operations based on prompts, reducing the path from 'clone a repo' to 'attacker runs code' to a single routine action. Patched in Cursor v2.5 with proper authorization controls preventing writes to .git configuration from the sandbox. Anysphere published GHSA-8pcm-8jpx-hv8r in February 2026.
↳ Follow the thread