HIGH
cursor
CVE published 2026-06-15
CVE-2026-48124
CVE-2026-48124 is a high-severity vulnerability (CVSS Score: 8.5) affecting Cursor, a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from `.claude/settings.local.json` without dedicated user approval. A malicious workspace or agent-created file could configure hooks that run local commands in the user's context [truncated]