<!-SC_OFF --><div class="md"><p>Cato AI Labs just disclosed DuneSlide, two critical RCE vulnerabilities found in Cursor IDE: CVE-2026-50548 and CVE-2026-50549. Both are rated Critical.</p&…
| CVE ID | CVE-2026-50548 |
| Vendor | reddit_netsec |
| Affected Product | Threat Intelligence |
| Vulnerability Type | Security Vulnerability |
| CVSS Score | 8.0 (HIGH) |
| Actively Exploited | ✅ Yes |
| Patch Status | See Vendor Advisory → |
| Reported By | CYBERDUDEBIVASH SENTINEL APEX Intelligence (via reddit_netsec) |
<!-- SC_OFF --><div class="md"><p>Cato AI Labs just disclosed DuneSlide, two critical RCE vulnerabilities found in Cursor IDE: CVE-2026-50548 and CVE-2026-50549. Both are rated Critical.</p> <p>The interesting part is the attack path. This was not just prompt injection changing model output. The agent could ingest untrusted content from sources like MCP servers or web search results, then act through the app around it.</p> <p>With DuneSlide, zero-click prompt injection could become a path to:</p> <ul> <li>sandbox escape</li> <li>arbitrary file write</li> <li>unsandboxed remote code execution</li> </ul> <p>A user does not need to open a malicious file or run attacker-controlled co
Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.