Browse all 4 CVE security advisories affecting getcursor. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Getcursor is an AI-powered coding assistant designed to streamline development workflows through intelligent code completion and refactoring suggestions. Historically, it has been associated with multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, primarily stemming from improper input validation and insecure API integrations. The application's extensive plugin architecture and network communication features have frequently introduced attack vectors, with four documented CVEs highlighting risks in its extension handling and data processing capabilities. While no major public security incidents have been reported, the consistent pattern of vulnerabilities suggests developers should implement strict sandboxing and input sanitization when using the tool in production environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-49150 | Cursor Agent Potentially Leaks Information using JSON schema — cursor (CWE-200) | 5.9 | Medium | 2025-06-11 |
| CVE-2025-32018 | Arbitrary file write from Cursor Agent through a prompt injection from malicious @Docs — cursor (CWE-22) | 8.1 | High | 2025-04-08 |
| CVE-2024-48919 | RCE via Prompt Injection Into Cursor's Terminal Cmd-K — cursor (CWE-20) | 8.8 (AI) | High (AI) | 2024-10-22 |
| CVE-2024-45599 | TCC Bypass in Cursor's macOS Application — cursor (CWE-277) | 3.8 | Low | 2024-09-24 |
This page lists every published CVE security advisory associated with getcursor. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.