
Cursor AI failures

Every documented AI failure involving Cursor on the AI Failure Index, classified by the mechanism that broke.

Failures: 4
Highest severity: High
Span: 2025 to 2026
Failure modes: 3

FI-0175 | SaaS | High
Prompt Injection

CVE-2026-26268 let prompt injection escape the Cursor IDE sandbox via unprotected git hooks

CVE-2026-26268 is a high-severity sandbox escape vulnerability in Cursor IDE versions prior to 2.5, discovered by Novee Security and disclosed via a GitHub advisory on February 13, 2026. A prompt-injected AI agent could write to improperly protected .git settings including git hooks, enabling out-of-sandbox remote code execution when those hooks were automatically triggered by Git operations. The vulnerability was one of three Cursor IDE CVEs (alongside CVE-2026-22708 and CVE-2026-21523) that collectively formed a triple CVE chain targeting AI coding assistants.

Confidence: High (multi-source, primary)
Cursor | 3 sources | Primary | Public | Jan 2026

FI-0176 | SaaS | High
Prompt Injection

CVE-2026-21523: a TOCTOU race in Cursor IDE let prompt injection alter files post-validation

CVE-2026-21523 is a TOCTOU race condition (CWE-367) with a CVSS 3.1 base score of 8.0 that enables remote code execution via indirect prompt injection, documented by Vectra AI as part of a Cursor IDE triple CVE chain alongside CVE-2026-22708 and CVE-2026-26268. The official NVD and Microsoft MSRC records attribute the vulnerability to GitHub Copilot and Visual Studio Code, which Cursor inherits as a VS Code fork. The vulnerability allows an authorized attacker to exploit a temporal gap between security validation and execution to modify files and achieve code execution over a network.

Confidence: High (multi-source, primary)
Cursor | 3 sources | Primary | Public | Jan 2026

FI-0012 | SaaS | Featured | High
Policy Violation

Cursor's support chatbot invented a usage policy that did not exist

An AI support agent at code-editor company Cursor told users they were no longer allowed to be logged in from multiple devices. The policy was hallucinated. The CEO apologized.

Confidence: Medium (multi-source)
Cursor (Anysphere) | 2 sources | Social | Public | Apr 2025

FI-0508 | SaaS | Medium
Hallucination

Cursor AI support bot fabricates non-existent policy, causing user backlash

Cursor AI's support bot, Sam, hallucinated a restrictive multi-device subscription policy in response to a technical bug. This fabrication led to a wave of user complaints and subscription cancellations before the company corrected the error.

Confidence: Medium (multi-source)
Cursor AI | 3 sources | Press | Public | Apr 2025
