A pair of critical vulnerabilities, collectively tracked as DuneSlide, have been disclosed in the Cursor AI integrated development environment. The flaws enable zero-click prompt injection attacks that bypass Cursor's security sandbox entirely. An attacker can exploit these weaknesses to execute arbitrary code at the operating system level without any user interaction.

DuneSlide carries a maximum CVSS score of 10.0, reflecting its potential for full system compromise without requiring authentication or user action. The vulnerabilities affect all versions of Cursor prior to the latest patch released today. Security researchers at Synacktiv discovered and reported the flaws, noting they can be triggered simply by opening a malicious file in the IDE.

The attack vector relies on prompt injection, where adversarial inputs embedded in code or chat messages trick the AI model into executing unintended actions. In this case, the injection escapes Cursor's intended containment mechanisms, granting the attacker access to system-level processes. Indicators of compromise include unexpected code execution from within the IDE or anomalous behavior in the host system's process list.
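A triage sketch for the process-list indicator described above (an added example, not code from the original article, Cursor or Synacktiv): it walks a process snapshot and reports everything running beneath the IDE that is not on an allowlist. The IDE process names, the allowlist and the sample snapshot are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumptions (not from the article): the IDE's process names and the child
# process names treated as normal. Tune both for your own environment.
IDE_NAMES = {"cursor", "cursor.exe"}
EXPECTED = IDE_NAMES | {"git", "git.exe", "rg", "rg.exe"}

# Constructed sample snapshot: (pid, ppid, name, command line).
SAMPLE_SNAPSHOT = [
    (1, 0, "systemd", "/sbin/init"),
    (900, 1, "bash", "bash"),                        # user shell, unrelated to the IDE
    (1200, 1, "cursor", "/opt/cursor/cursor"),
    (1210, 1200, "cursor", "/opt/cursor/cursor --type=renderer"),
    (1220, 1210, "git", "git status --porcelain"),
    (1300, 1210, "sh", "sh -c 'echo constructed-sample'"),
    (1301, 1300, "id", "id"),
    (2000, 900, "python3", "python3 build.py"),
]

def find_unexpected_descendants(snapshot, ide_names=IDE_NAMES, expected=EXPECTED):
    """Return sorted (pid, name, cmdline, ancestry) for suspect IDE descendants."""
    procs = {pid: (ppid, name, cmd) for pid, ppid, name, cmd in snapshot}
    children = defaultdict(list)
    for pid, (ppid, _, _) in procs.items():
        children[ppid].append(pid)
    # Roots are IDE processes whose parent is not itself an IDE process.
    roots = [pid for pid, (ppid, name, _) in procs.items()
             if name.lower() in ide_names
             and procs.get(ppid, (0, "", ""))[1].lower() not in ide_names]
    findings, seen = [], set()
    stack = [(r, procs[r][1], False) for r in roots]
    while stack:
        pid, chain, tainted = stack.pop()
        if pid in seen:            # guard against cycles in a malformed snapshot
            continue
        seen.add(pid)
        for child in children[pid]:
            _, name, cmd = procs[child]
            path = f"{chain} > {name}"
            # Anything below an unexpected process is suspect too, even if its
            # own name is allowlisted (e.g. git launched from a stray shell).
            bad = tainted or name.lower() not in expected
            if bad:
                findings.append((child, name, cmd, path))
            stack.append((child, path, bad))
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_unexpected_descendants(SAMPLE_SNAPSHOT):
        print(finding)
```

Shells started from the IDE's integrated terminal will also appear in the output, so review each hit by its ancestry chain rather than treating every finding as malicious.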

Cursor developers have released an emergency update that patches the DuneSlide vulnerabilities for all supported platforms. Users are strongly advised to update their installations immediately through the IDE's built-in update mechanism or by downloading the latest version from the official website. No other workarounds exist for unpatched versions.

The discovery highlights an emerging threat class as AI-powered development tools become ubiquitous. While Cursor has not disclosed whether DuneSlide has been exploited in the wild, the flaws provide a template for similar attacks on other AI-integrated software.