Product
anysphere cursor
19 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-31854
< 2.0
Cursor is a code editor built for programming with AI. Prior to 2.0, if a visited website contains maliciously crafted instruction
8.8
HIGH
CVE-2026-26268
< 2.5
Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prio
8.0
HIGH
CVE-2026-22708
< 2.3
Cursor is a code editor built for programming with AI. Prior to 2.3, when the Cursor Agent is running in Auto-Run Mode with Allowli
9.8
CRITICAL
CVE-2025-64110
< 2.0
Cursor is a code editor built for programming with AI. In versions 1.7.23 and below, a logic bug allows a malicious agent to read
7.5
HIGH
CVE-2025-64108
< 2.0
Cursor is a code editor built for programming with AI. In versions 1.7.44 and below, various NTFS path quirks allow a prompt injec
8.8
HIGH
CVE-2025-64107
< 2.0
Cursor is a code editor built for programming with AI. In versions 1.7.52 and below, manipulating internal settings may lead to RC
8.8
HIGH
CVE-2025-64106
< 2.0
Cursor is a code editor built for programming with AI. In versions 1.7.28 and below, an input validation flaw in Cursor's MCP serv
8.8
HIGH
CVE-2025-59944
<= 1.6.23
Cursor is a code editor built for programming with AI. Versions 1.6.23 and below contain case-sensitive checks in the way Cursor I
8.0
HIGH
CVE-2025-61593
<= 1.7
Cursor is a code editor built for programming with AI. In versions 1.7 and below, a vulnerability in the way Cursor CLI Agent prot
7.1
HIGH
CVE-2025-61592
<= 1.7
Cursor is a code editor built for programming with AI. In versions 1.7 and below, automatic loading of project-specific CLI config
8.8
HIGH
CVE-2025-61591
<= 1.7
Cursor is a code editor built for programming with AI. In versions 1.7 and below, when MCP uses OAuth authentication with an untru
8.8
HIGH
CVE-2025-61590
< 1.7
Cursor is a code editor built for programming with AI. Versions 1.6 and below are vulnerable to Remote Code Execution (RCE) attack
7.5
HIGH
CVE-2025-61589
< 1.7
Cursor is a code editor built for programming with AI. In versions 1.6 and below, Mermaid (a to render diagrams) allows embedding
5.9
MEDIUM
CVE-2025-54135
< 1.3.9
Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions
8.5
HIGH
CVE-2025-54130
< 1.3.9
Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions
7.5
HIGH
CVE-2025-54136
< 1.3
Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and persistent co
7.2
HIGH
CVE-2025-54133
>= 1.1.7 and < 1.3
Cursor is a code editor built for programming with AI. In versions 1.17 through 1.2, there is a UI information disclosure vulnerab
9.6
CRITICAL
CVE-2025-54132
< 1.3
Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid (which is used to render diagrams) allows em
4.4
MEDIUM
CVE-2025-54131
< 1.3
Cursor is a code editor built for programming with AI. In versions below 1.3, an attacker can bypass the allow list in auto-run mo
6.4
MEDIUM
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin