Security News Critical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run Commands TheHackerNews Daniel Bender 01 Jul 2026 Share Patched in Cursor 3.0, CVE-2026-50548 and CVE-2026-50549 could enable zero-click command execution via hidden instructions.