Anysphere Security Vulnerabilities (CVEs)
Track 13 security vulnerabilities affecting Anysphere products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This CVE describes a sandbox escape vulnerability in Cursor code editor versions prior to 2.5. A malicious AI agent could write to improperly protecte...
Feb 13, 2026This vulnerability in Cursor AI code editor allows attackers to execute shell built-ins without allowlist approval when the Cursor Agent runs in Auto-...
Jan 14, 2026A logic bug in Cursor AI code editor versions 1.7.23 and below allows malicious agents to bypass file protection mechanisms. Attackers who achieve pro...
Nov 5, 2025This vulnerability in Cursor code editor allows attackers to execute arbitrary commands on a victim's system by tricking them into clicking a maliciou...
Nov 4, 2025This vulnerability in Cursor AI code editor allows attackers to bypass path manipulation detection by using backslashes instead of forward slashes, en...
Nov 4, 2025This CVE describes a path traversal vulnerability in Cursor AI code editor that allows attackers to bypass sensitive file protections via NTFS path qu...
Nov 4, 2025This vulnerability in Cursor IDE allows attackers to bypass case-sensitive file protection checks on case-insensitive filesystems. By exploiting promp...
Oct 3, 2025This vulnerability allows remote code execution when users run Cursor CLI inside a malicious repository. Attackers can exploit permissive configuratio...
Oct 3, 2025This vulnerability allows remote code execution in Cursor AI code editor versions 1.6 and below through manipulation of Visual Studio Code workspace f...
Oct 3, 2025Cursor code editor versions below 1.3.9 allow attackers to exploit indirect prompt injection to write malicious MCP configuration files without user a...
Aug 5, 2025Cursor code editor versions 1.17 through 1.2 contain a UI information disclosure vulnerability in the MCP deeplink handler that allows attackers to ex...
Aug 2, 2025This vulnerability allows attackers to bypass Cursor code editor's allowlist in auto-run mode using backtick (`) or $(cmd) syntax, enabling arbitrary ...
Aug 1, 2025This vulnerability in Cursor code editor versions below 1.3 allows attackers to exfiltrate sensitive information via Mermaid diagram image rendering. ...
Aug 1, 2025Why Monitor Anysphere Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 13+ known vulnerabilities affecting Anysphere products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Anysphere packages in under 60 seconds. No agents required - completely agentless scanning that works across Anysphere deployments.
Free vulnerability database: Access detailed information about every Anysphere CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Anysphere CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
