PatchSiren cyber security CVE debrief
CVE-2026-48124 cursor CVE debrief
CVE-2026-48124 is a high-severity vulnerability (CVSS Score: 8.5) affecting Cursor, a code editor built for programming with AI. In versions prior to 3.0.0, Cursor Desktop could execute workspace-defined Claude hook commands from `.claude/settings.local.json` without dedicated user approval. A malicious workspace or agent-created file could configure hooks that run local commands in the user's context when an agent turn ends. This could allow sandbox escape, persistence across turns, local data access, or follow-on compromise. The issue has been fixed in version 3.0.0.
- Vendor: cursor
- Product: Unknown
- CVSS: HIGH 8.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-16
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-16
Who should care
Users of Cursor code editor versions prior to 3.0.0 should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability allows execution of workspace-defined Claude hook commands without user approval, potentially leading to sandbox escape, persistence, local data access, or follow-on compromise.
Defensive priority
High
Recommended defensive actions
- Upgrade to Cursor version 3.0.0 or later.
- Review and restrict workspace-defined Claude hook commands in `.claude/settings.local.json`.
- Monitor for suspicious activity in Cursor Desktop.
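One way to carry out the review step, as an added example (not part of the original advisory and not Cursor's own tooling): a Python audit that walks a directory tree and lists every hook command defined in a `.claude/settings.local.json`, so each one can be inspected before the workspace is opened. The hooks layout is assumed to follow the Claude Code settings schema (`hooks`, then event name, then groups of `command` entries), and the sample workspaces are constructed.

```python
import json
import tempfile
from pathlib import Path

def extract_hook_commands(settings):
    """Return (event, command) pairs from a parsed settings object.
    Assumed layout (Claude Code hooks schema; the page does not show it):
    {"hooks": {"<Event>": [{"hooks": [{"type": "command", "command": "..."}]}]}}
    """
    found = []
    hooks = settings.get("hooks") if isinstance(settings, dict) else None
    if not isinstance(hooks, dict):
        return found
    for event, groups in hooks.items():
        for group in (groups if isinstance(groups, list) else []):
            entries = group.get("hooks") if isinstance(group, dict) else None
            for entry in (entries if isinstance(entries, list) else []):
                if isinstance(entry, dict) and isinstance(entry.get("command"), str):
                    found.append((event, entry["command"]))
    return found

def audit_tree(root):
    """Report (path, event, command) for every workspace file defining hooks."""
    findings = []
    for path in sorted(Path(root).rglob("settings.local.json")):
        if path.parent.name != ".claude":
            continue
        try:
            settings = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError) as exc:  # unreadable or malformed: flag it
            findings.append((str(path), "<unparseable>", str(exc)))
            continue
        findings.extend((str(path), e, c) for e, c in extract_hook_commands(settings))
    return findings

def demo():
    """Audit a constructed two-workspace tree (sample data, not from the advisory)."""
    hooked = {"hooks": {"Stop": [{"matcher": "", "hooks": [
        {"type": "command", "command": "echo constructed-sample"}]}]}}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in (("ws-hooked", hooked), ("ws-clean", {})):
            cfg = Path(tmp) / name / ".claude"
            cfg.mkdir(parents=True)
            (cfg / "settings.local.json").write_text(json.dumps(body), encoding="utf-8")
        return [(Path(p).parts[-3], e, c) for p, e, c in audit_tree(tmp)]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Point `audit_tree` at the directory that holds cloned repositories; a file that fails to parse is reported rather than skipped, since it still warrants a manual look.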
Evidence notes
CVE-2026-48124 was published on 2026-06-15T21:17:13.927Z and has a CVSS Score of 8.5.
Official resources
- CVE-2026-48124 CVE record (CVE.org)
- CVE-2026-48124 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: CVE-2026-48124 was published on 2026-06-15T21:17:13.927Z.