Command approval prompt always says "Run in sandbox" even when running with full permissions

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

When Cursor runs a command, and decides the command fails due to sandboxing (filesystem or network), it usually runs the command with full permissions. This triggers an approval prompt, but the prompt always says “Run in sandbox” - it doesn’t make it clear that it’s not actually sandboxed.

If I’m paying attention I can see the agent said “The sandbox blocked the operation. Let me run with full permissions.” before launching the approval prompt, but that’s in dark grey text on a black background, and the approval prompt itself appears to be saying it’s running in a sandbox.

Steps to Reproduce

Convince the agent to run a command that will fail due to sandboxing. (For me, it was just npm ci, since that tries to delete files.)

After the first failure, the agent will prompt for approval to run the command.

Expected Behavior

The approval prompt should clearly show that full permissions are being used to run the command, instead of showing that it’s running in a sandbox.

Screenshots / Screen Recordings

Operating System

macOS

Version Information

Cursor IDE 2.4.28

For AI issues: which model did you use?

Auto

For AI issues: add Request ID with privacy disabled

Request ID: 12226df8-70b9-4560-a052-fb4c8cc3457a

Does this stop you from using Cursor

No - Cursor works, but with this issue


Hey, thanks for the report. This is a UI bug. The dropdown says “Run in Sandbox”, but after a sandbox failure the command actually runs with full permissions. The label just doesn’t update.

So in practice, when you click Run in this prompt, you’re running the command WITHOUT sandbox restrictions, even though the button text says otherwise. The agent message above the prompt (“Let me run it without sandbox restrictions”) is accurate.

Functionally everything works correctly, just ignore the incorrect dropdown text.

Thanks for confirming that. The bug matters because it means any command I approve could potentially have access to my full AWS account, unsandboxed. The proper UI for this ought to be the “Run” button turning bright red and changing to “Run Dangerously”, not a light gray label that may or may not update till the bug is fixed.


This appears to have been fixed in Cursor 2.6.13. It now says “Run outside sandbox” in the prompt UI. Thanks!