CNNVD-202510-456 Information

CNNVD ID

CNNVD-202510-456

Related CVE

CVE-2025-61591

• CNNVD Published: 2025-10-03

Description (Chinese)

Cursor是Cursor开源的一个 AI 代码编辑器。 Cursor 1.7及之前版本存在操作系统命令注入漏洞，该漏洞源于OAuth身份验证过程中可能返回特制命令，可能导致命令注入和远程代码执行。

Description (English)

Cursor is an AI code editor at Cursor Open Source. Cursor 1.7 and previous versions had a loophole in the operating system command, which stemmed from the possibility of returning to a special order during the OAuth authentication process, which could lead to an order injection and remote code execution.

Hazard Level

High

Vulnerability Type

操作系统命令注入

Affected Vendor

Cursor

Published

2025-10-03

Last Modified

2026-02-24

References

https://github.com/cursor/cursor/security/advisories/GHSA-wj33-264c-j9cq