Skip to content

News
Cybercrime
Risk
Policy
Privacy
Research
Cloud
Insurance

LinkedIn
Facebook

Cursor

Researchers find widespread remote code execution risk in AI inference engines from unsafe ZMQ and pickle use

Research, Risk, Vendors, Vulnerabilities

November 15, 2025

Researchers found a recurring insecure pattern — pickle deserialization over unauthenticated ZeroMQ sockets — in multiple AI inference frameworks, creating remote code execution risks across projects including vLLM, NVIDIA TensorRT-LLM, Modular Max Server and SGLang; related research also showed browser and IDE injection risks in Cursor.
Cursor AI editor vulnerability could enable covert code execution on folder open, researchers warn

News, Privacy, Risk, Vulnerabilities

September 12, 2025

A vulnerability in Cursor, the AI-augmented fork of Visual Studio Code, could allow attackers to silently run code on a user’s machine when a repository is opened, researchers warn, due to default Workspace Trust settings and potential autorun configurations.

About
Editorial Policy
Privacy
Contact