DuneSlide (CVE-2026-50548 / CVE-2026-50549): Zero-Click Prompt Injection Escapes Cursor’s Sandbox and Runs Arbitrary Code on Fortune 500 Developer Machines — No User Interaction Required
Cato AI Labs disclosed DuneSlide — two CVSS 9.8 vulnerabilities in Cursor IDE used by more than half the Fortune 500. Zero-click prompt injection from a poisoned MCP server response or web search result escapes Cursor’s terminal sandbox and runs arbitrary code on the developer’s machine. CVE-2026-50548 abuses the working_directory parameter to overwrite the cursorsandbox binary. CVE-2026-50549 abuses a symlink canonicalization fallback. Both patched in Cursor 3.0 (April 2, 2026). Every version before 3.0 is vulnerable. Cato says similar flaws exist in all popular coding agents — the problem is structural.
