Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total1

Critical0

High1

Medium0

Search Severity Year Type Sort Order

Reset

Showing 1-1 of 1 records

Threat Entry Updated 2026-02-03

CVE-2026-22708 - Cursor Plugin

Cursor is a code editor built for programming with AI. Prior to 2.3, hen the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without requiring user approval. This allows an attacker via indirect or direct prompt injection to poison the shell environment by setting, modifying, or removing environment variables that influence trusted commands. This vulnerability is fixed in 2.3.

PLUGIN Cursor

CVE-2026-22708

HIGH CVSS 7.2 2026-01-14

Risk Score

Open Full Technical Breakdown

Scroll to top

Blog

"Prevention is cheaper than a breach"

Threat Database

CVE-2026-22708 - Cursor Plugin

Company Links

Contact Us