CVE-2026-61613 PUBLISHED

Cursor: Cloud Agent Browser Sandbox Escape

Assigner: GitHub_M
Reserved: 10.07.2026 Published: 15.07.2026 Updated: 15.07.2026

Cursor is a code editor built for programming with AI. Prior to the Cloud Agent fix on 03/31/2026, browser-enabled Cursor Cloud Agent sessions allowed attacker-controlled web content to connect from inside the agent container to an unauthenticated local agent endpoint, enabling code execution within the affected Cloud Agent sandbox or session and access to files, repository contents, environment variables, credentials, and GitHub App access tokens available to that session. This issue was fixed on 03/31/2026 by requiring authentication for the relevant agent endpoint.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
CVSS Score: 7.7

Product Status

Vendor cursor
Product cursor
Versions
  • Version < 03/31/2026 is affected

References

Problem Types

  • CWE-306: Missing Authentication for Critical Function CWE