Is CVE-2026-26268 in the CISA Known Exploited Vulnerabilities catalog?

CVE-2026-26268 is not currently listed in the CISA KEV catalog.

Vulnerability intelligence

CVE-2026-26268

CVE-2026-26268 turns the act of cloning a Git repository in Cursor into automatic remote code execution. No file needs to be opened. No prompt needs to be accepted. The tool building the AI-first web is itself a one-step compromise vector — and every line of code it produces in a compromised session is suspect.

2026

What WebPulse reported · 1 analysis

Cursor AI: Clone a Repository, Execute Arbitrary Code. Zero Clicks Required.

CVE-2026-26268 turns the act of cloning a Git repository in Cursor into automatic remote code execution. No file needs to be opened. No prompt needs to be accep

June 22, 2026

View CVE-2026-26268 on the NIST National Vulnerability Database →

Related vulnerabilities

CVE-2026-9082 CVE-2026-8206 CVE-2026-48019 CVE-2026-35273 CVE-2026-11645 CVE-2026-8181 CVE-2026-47291 CVE-2026-45657