Code Execution Vulnerability in Cursor Cloud Agent by Cursor
CVE-2026-61613

7.7HIGH

Key Information:

Vendor

Cursor

Status
Vendor
CVE Published:
15 July 2026

What is CVE-2026-61613?

A code execution vulnerability was identified in Cursor's Cloud Agent prior to the fix deployed on March 31, 2026. This flaw allowed attacker-controlled web content to interact with an unauthenticated local agent endpoint, effectively granting malicious users the ability to execute arbitrary code within the sandboxed environment. As a result, sensitive data such as files, repository contents, environment variables, credentials, and GitHub App access tokens were vulnerable to unauthorized access during Cloud Agent sessions. The issue was mitigated by implementing authentication requirements for the affected endpoint.

Affected Version(s)

cursor < 03/31/2026

References

CVSS V4

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.