CNNVD-202511-109 Information

CNNVD ID

CNNVD-202511-109

CVE-2025-64106

  • CNNVD Published: 2025-11-04

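Description (translated from Chinese)

Cursor is an open-source AI code editor from Cursor. Cursor 1.7.28 and earlier versions contain an operating system command injection vulnerability. The flaw stems from insufficient input validation during the MCP server installation process, which may allow a specially crafted deep link to bypass the security warning and hide the command being executed.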

Description (English)

Cursor is an open-source AI code editor from Cursor. Cursor 1.7.28 and earlier versions have an operating system command injection vulnerability, which stems from inadequate input validation during the installation of an MCP server and could allow specially crafted deep links to bypass security warnings and conceal the commands that are executed.

Hazard Level

Medium

Vulnerability Type

Operating system command injection

Affected Vendor

Cursor

Published

2025-11-04

Last Modified

2026-02-24

References

https://github.com/cursor/cursor/security/advisories/GHSA-4575-fh42-7848

https://access.redhat.com/security/cve/cve-2025-64106

Patch

https://cursor.com/cn
