CVE-2026-26268

8.0 HIGH

📋 TL;DR

This CVE describes a sandbox escape vulnerability in the Cursor code editor in versions prior to 2.5. A malicious AI agent could write to improperly protected .git configuration files, potentially leading to remote code execution when Git automatically executes hooks. All users of Cursor versions before 2.5 are affected.

💻 Affected Systems

Products:
  • Cursor AI Code Editor
Versions: All versions prior to 2.5
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default configuration when using Git integration features.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise via remote code execution when Git hooks trigger, allowing an attacker to execute arbitrary commands on the host system.

🟠 Likely Case: Local file system manipulation and potential privilege escalation within the user's environment.

🟢 If Mitigated: Limited to the sandboxed environment, with no access to the host system or critical resources.

🌐 Internet-Facing: MEDIUM - Requires malicious AI agent interaction but no direct internet exposure needed.
🏢 Internal Only: HIGH - Internal developers using vulnerable Cursor versions are primary targets.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires malicious AI agent interaction but no user authentication. Git automatically executes hooks without user interaction.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.5

Vendor Advisory: https://github.com/cursor/cursor/security/advisories/GHSA-8pcm-8jpx-hv8r

Restart Required: Yes

Instructions:

1. Open Cursor editor
2. Go to Settings > About
3. Check for updates
4. Install version 2.5 or later
5. Restart Cursor

🔧 Temporary Workarounds

Disable Git Hooks

all

Prevent Git from automatically executing hooks by disabling hook execution globally

git config --global core.hooksPath /dev/null

Restrict Git Configuration

linux

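Remove write permission from the Git configuration so that Cursor processes cannot modify it. Git operations that write to .git (for example commit and fetch) will fail until write permission is restored.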

chmod -R a-w ~/.gitconfig
chmod -R a-w .git

🧯 If You Can't Patch

  • Disable AI agent functionality in Cursor settings
  • Use Cursor in isolated container or VM without host system access

🔍 How to Verify

Check if Vulnerable:

Check the Cursor version in Settings > About. If the version is lower than 2.5, the system is vulnerable.

Check Version:

In Cursor: Help > About or Settings > About

Verify Fix Applied:

Confirm Cursor version is 2.5 or higher in Settings > About and verify .git directory permissions are properly restricted.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected .git configuration file modifications
  • Git hook execution from Cursor process
  • Unusual file writes to .git directories

Network Indicators:

  • Outbound connections from Cursor to unexpected destinations after Git operations

SIEM Query:

process_name:"Cursor" AND file_path:"*.git*" AND action:"write"
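
A local check for the file-based indicators and the two workarounds above, as an added example that is not part of the advisory or of Cursor. The helper name `audit_git_repo` and its output labels are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: audit one repository for hook-related state.
# audit_git_repo is a hypothetical helper name, not a Cursor or Git command.
# Usage: audit_git_repo /path/to/repo   (returns 0 only when nothing is flagged)

audit_git_repo() {
    repo=$1
    gitdir="$repo/.git"
    findings=0

    [ -d "$gitdir" ] || { echo "no .git directory in: $repo" >&2; return 2; }

    # 1. Active hooks: executable files in .git/hooks without the .sample suffix.
    for hook in "$gitdir"/hooks/*; do
        [ -f "$hook" ] && [ -x "$hook" ] || continue
        case $hook in *.sample) continue ;; esac
        echo "ACTIVE_HOOK $hook"
        findings=$((findings + 1))
    done

    # 2. Repo-local hooksPath: local config takes precedence over --global,
    #    so it would override the core.hooksPath=/dev/null workaround.
    #    Line-based heuristic; Git config keys are case-insensitive.
    if [ -f "$gitdir/config" ] &&
       grep -Eiq '^[[:space:]]*hookspath[[:space:]]*=' "$gitdir/config"; then
        echo "LOCAL_HOOKSPATH $gitdir/config"
        findings=$((findings + 1))
    fi

    # 3. Writable config: the chmod workaround is not in effect for this user.
    if [ -w "$gitdir/config" ]; then
        echo "WRITABLE_CONFIG $gitdir/config"
        findings=$((findings + 1))
    fi

    echo "findings=$findings"
    [ "$findings" -eq 0 ]
}
```

Run it over each working tree that Cursor has opened and compare the output before and after an agent session; a new `ACTIVE_HOOK` or `LOCAL_HOOKSPATH` line is worth reviewing by hand.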
