Is CVE-2026-46406 in the CISA Known Exploited Vulnerabilities catalog?

CVE-2026-46406 is not currently listed in the CISA KEV catalog.

Vulnerability intelligence

CVE-2026-46406

CVE-2026-50548 and CVE-2026-50549: working directory manipulation and symlink canonicalization bypass in Cursor pre-3.0. The AI coding tool that developers trust with filesystem access had no real sandbox.

2026

What WebPulse reported · 1 analysis

Cursor AI Editor: Two CVSS 9.8 Sandbox Escapes Let a Malicious Agent Write Anywhere on Disk

CVE-2026-50548 and CVE-2026-50549: working directory manipulation and symlink canonicalization bypass in Cursor pre-3.0. The AI coding tool that developers trus

June 27, 2026

View CVE-2026-46406 on the NIST National Vulnerability Database →

Related vulnerabilities

CVE-2026-9082 CVE-2026-8206 CVE-2026-48019 CVE-2026-35273 CVE-2026-11645 CVE-2026-8181 CVE-2026-47291 CVE-2026-45657