CVE-2026-48124 | THREATINT

Description

Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from .claude/settings.local.json without dedicated user approval. A malicious workspace or agent-created file could configure hooks that run local commands in the user's context when an agent turn ends. This could allow sandbox escape, persistence across turns, local data access, or follow-on compromise. This issue has been fixed in version 3.0.0.

PUBLISHED Reserved 2026-05-20 | Published 2026-06-15 | Updated 2026-06-16 | Assigner GitHub_M

HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-829: Inclusion of Functionality from Untrusted Control Sphere

CWE-94: Improper Control of Generation of Code ('Code Injection')

Product status

< 3.0.0

affected

References

github.com/...cursor/security/advisories/GHSA-pc9j-3qc2-95wv

cve.org (CVE-2026-48124)

nvd.nist.gov (CVE-2026-48124)

Download JSON