CVE-2026-48124 | Cursor is a code editor built for programming with AI. In ve… | CVSS 8.5 HIGH

Description

Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from .claude/settings.local.json without dedicated user approval. A malicious workspace or agent-created file could configure hooks that run local commands in the user's context when an agent turn ends. This could allow sandbox escape, persistence across turns, local data access, or follow-on compromise. This issue has been fixed in version 3.0.0.

Metadata

CVE ID: CVE-2026-48124
State: PUBLISHED
Assigner: GitHub_M
Reserved: 2026-05-20 18:46 UTC
Published: 2026-06-15 19:56 UTC
Last updated: 2026-06-15 19:56 UTC
Primary CWE: CWE-829
CWE-829: Inclusion of Functionality from Untrusted Control S…
Vendor / Product: cursor / cursor
Sources: cve.org · NVD

Severity & Metrics

8.5 HIGH CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products (1)

Vendor	Product	Platform	Versions
cursor	cursor	—	< 3.0.0

Weakness (CWE)

CWE	Source	Description
CWE-829	cna	CWE-829: Inclusion of Functionality from Untrusted Control Sphere
CWE-94	cna	CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS scores (1)

Score	Severity	Version	Source	Vector
8.5	HIGH	4.0	cna	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References (1)

https://github.com/cursor/cursor/security/advisories/GHSA-pc9j-3qc2-95wv https://github.com/cursor/cursor/security/advisories/GHSA-pc9j-3qc2-95wv