CVE-2026-26268
Awaiting Analysis Awaiting Analysis - Queue
Sandbox Escape via .git Misconfiguration in Cursor Editor Leads to RCE

Publication date: 2026-02-13

Last updated on: 2026-02-18

Assigner: GitHub, Inc.

Description
Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (ie prompt injection) could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time they are triggered. No user interaction was required as Git executes these commands automatically. Fixed in version 2.5.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-13
Last Modified
2026-02-18
Generated
2026-06-16
AI Q&A
2026-02-13
EPSS Evaluated
2026-06-15
NVD
CVE-2026-26268
EUVD
EUVD-2026-7368
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
anysphere cursor to 2.5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-26268 is a high-severity vulnerability in the Cursor code editor prior to version 2.5. It allows a malicious actor to escape the sandbox by writing to improperly protected .git configuration files, including Git hooks. Since Git automatically executes these hooks, this can lead to remote code execution (RCE) outside the sandbox without any user interaction.

Impact Analysis

If exploited, this vulnerability can lead to remote code execution outside the sandbox environment, allowing an attacker to run arbitrary code with high privileges. This compromises the confidentiality, integrity, and availability of the affected system, potentially leading to severe security breaches.

Compliance Impact

I don't know

Detection Guidance

Detection of this vulnerability involves checking for unauthorized or malicious modifications to the .git configuration files, especially Git hooks, within the cursor software environment prior to version 2.5.

You can inspect the .git directory for suspicious or unexpected hook scripts that may have been added or altered. For example, running commands to list and examine Git hooks can help identify potential exploitation:

  • List Git hooks in the repository: ls -l .git/hooks/
  • View the contents of specific hook scripts to check for malicious code: cat .git/hooks/pre-commit (or other hook files)
  • Check for unusual changes in .git/config or other configuration files: cat .git/config

Monitoring for unexpected writes or changes to these files, especially by untrusted or low-privilege processes, can help detect attempts to exploit this vulnerability.

Mitigation Strategies

The primary mitigation step is to upgrade the cursor software to version 2.5 or later, where this vulnerability has been fixed.

Additionally, ensure that the .git directory and its configuration files, including Git hooks, have proper permissions to prevent unauthorized write access.

Restrict high privileges and limit access to the environment where cursor is running to reduce the risk of exploitation.

Regularly audit and monitor the .git configuration and hooks for unauthorized changes.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-26268. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart