CVE 8.5 HIGH

Cursor Desktop sandbox escape via Claude hook configuration_CVE-2026-48124

June 15, 2026 invoker category_cve

8.5 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from .claude/settings.local.json without dedicated user approval. A malicious workspace or agent-created file could configure hooks that run local commands in the user's context when an agent turn ends. This could allow sandbox escape, persistence across turns, local data access, or follow-on compromise. This issue has been fixed in version 3.0.0.

AI Analysis

Sandbox escape via Claude hook configuration in Cursor Desktop

Basic Information

ID CVE-2026-48124

Source GitHub_M

Published Jun 15, 2026 at 19:56

Affected Product

Vendor cursor

Product cursor

Version < 3.0.0

Affected Versions cursor cursor < 3.0.0

CWE Classification

CWE-829 CWE-94

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor Cursor

Product Cursor Desktop

Version < 3.0.0

References

github.com /cursor/cursor/security/advisories/GHSA-pc9j-3qc2-95wv

{
    "lastseen": "",
    "description": "Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from .claude/settings.local.json without dedicated user approval. A malicious workspace or agent-created file could configure hooks that run local commands in the user's context when an agent turn ends. This could allow sandbox escape, persistence across turns, local data access, or follow-on compromise. This issue has been fixed in version 3.0.0.",
    "published": "2026-06-15T19:56:07.573Z",
    "modified": "2026-06-15T19:56:07.573Z",
    "type": "cve",
    "title": "Cursor Desktop sandbox escape via Claude hook configuration",
    "source": "GitHub_M",
    "references": "https://github.com/cursor/cursor/security/advisories/GHSA-pc9j-3qc2-95wv",
    "id": "CVE-2026-48124",
    "bulletinFamily": "",
    "cwe": [
        "CWE-829",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "cursor cursor < 3.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "cursor",
    "version": "< 3.0.0",
    "vendor": "cursor",
    "ai_description": "Sandbox escape via Claude hook configuration in Cursor Desktop",
    "ai_severity": "High",
    "ai_vendor": "Cursor",
    "ai_product": "Cursor Desktop",
    "ai_version": "< 3.0.0",
    "ai_score": 8.5
}

💭 Join the Security Discussion ❌ Cancel Reply