Two flaws in Cursor, an AI code editor, could let a single,
ordinary-looking prompt break out of the editor's safety sandbox
and run any command on a developer's computer. There is no click to
fall for and no approval box to ignore. Cato AI Labs found the
pair and named them DuneSlide. They are tracked
as CVE-2026-50548 and CVE-2026-50549, both rated 9.8
out of 10 (or 9.3
Read more https://thehackernews.com/2026/07/critical-cursor-flaws-could-let-prompt.html

