CVE-2026-26268 — Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (ie prompt injection) could write to impro — CVE Database · The Intelligence Room