CVE-2026-26268, fixed in Cursor 2.5, allowed AI agents to rewrite insufficiently protected .git config and Git hooks, leading to out-of-sandbox RCE on the next Git operation.
APIs generated by Cursor and Claude Code often include authentication middleware but skip per-resource ownership checks. A look at IDOR/BOLA basics, typical patterns, and the fix of scoping DB queries by owner.
Cursor redesigned its UI from scratch, adding parallel agent execution, seamless cloud/local handoff, and Design Mode. Here is how that changes the IDE model and how it compares with other AI coding tools.
Cursor released Composer 2 without disclosing its base model; calling its OpenAI-compatible API revealed it is Kimi K2.5. This escalated into a licensing dispute, but a formal commercial agreement with Moonshot AI was subsequently confirmed.
