Critical OS-Level RCE via "DuneSlide" in Cursor AI
Researchers at Cato Networks have identified "DuneSlide," a pair of critical vulnerabilities (CVE-2026-50548 and CVE-2026-50549) in the Cursor AI IDE. These flaws enable prompt-injection-driven sandbox escapes, escalating from LLM interactions to full operating system-level Remote Code Execution (RCE). Attackers can leverage malicious Model Context Protocol (MCP) servers or poisoned web search results to manipulate the run_terminal_cmd tool and bypass path canonicalization logic via symbolic links. Successful exploitation allows unauthorized file writes outside the project root, enabling attackers to overwrite the cursorsandbox executable, modify shell configurations, or establish persistence via macOS LaunchAgents, resulting in total system compromise.