CVE · Published 2026-01-14 · 1 article on news · 6 live references · NVD data
CVE-2026-22708
Vulnerability data via CVEDB (Shodan)
CVSS v3.1: 7.2 (HIGH)
EPSS percentile: 41 (Exploit Prediction Scoring System · top 59% of all CVEs)
Description
Cursor is a code editor built for programming with AI. Prior to 2.3, when the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without requiring user approval. This allows an attacker, via indirect or direct prompt injection, to poison the shell environment by setting, modifying, or removing environment variables that influence trusted commands. This vulnerability is fixed in 2.3.
Timeline
Published 2026-01-14
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
Shodan · vuln tag (0 hosts)
vuln:CVE-2026-22708
Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · product + version
product:"Anysphere Cursor" version:"0.50"
Version-pinned fingerprint from NVD's first vulnerable CPE.
Shodan · banner/body mention
http.html:"Cursor"
HTTP body or banner mentions "Cursor"; catches deploys Shodan didn't identify as a product.
More intel sources (5)
Shodan report
vuln:CVE-2026-22708
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-22708
Censys host search filtered to this CVE id.
grep.app
CVE-2026-22708
Public source-code mentions; fast PoC discovery.
GitHub code
CVE-2026-22708
GitHub code search for direct mentions.
Google dork
"CVE-2026-22708" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.
Known PoCs on GitHub (8)
CVE-2026-22708: 8 repos
adibirzu/openclaw-security-monitor (Shell)
Proactive security monitoring for OpenClaw deployments. Detects ClawHavoc, AMOS stealer, CVE-2026-25253, memory poisoning, and supply chain attacks.
Cogensec/Gideon (TypeScript)
Open-source autonomous security operations and red teaming agent built to help defenders investigate threats, analyze vulnerabilities, assess indicators of compromise, generate har…
Antonlovesdnb/fishbowl (Rust)
Containerized credential auditing perimeter for AI coding agents. Wraps Codex/Claude Code in Docker, audits every credential access via eBPF.
Senturkselim/CGTI-for-OpenClaw (Python)
Purpose-built Suricata IDS/IPS management tool for the OpenClaw AI agent community; 646 detection rules, cross-platform.
np6126/tank-agent-os (Shell)
Run an autonomous AI coding agent (opencode, claw-code, or Claude Code) under controls it cannot disable. Fedora bootc + rootless Podman appliance with audited egress proxy, ker…
hugoventures1-glitch/agentvault (TypeScript)
Enabling the safe use of OpenClaw.
RichardBarron27/RichardBarron27 (unknown)
securelayer7/Research (Python)
Vulnerability Research & CVE Analysis by SecureLayer7