Cursor not honoring command allowlist

aldentharwood · November 7, 2025, 12:48am

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

I only have a small subset of commands allowlisted, and one of them is cd. Cursor is now able to run ANY command because it runs cd first into the directory, then &&'s another command. the allowlist clearly only looks at the first command (cd), so it allows it. Pretty brutal edge case

Steps to Reproduce

I only have a small subset of commands allowlisted, and one of them is cd. Cursor is now able to run ANY command because it runs cd first into the directory, then &&'s another command. the allowlist clearly only looks at the first command (cd), so it allows it. Pretty brutal edge case

Expected Behavior

Follow the allowlist

Operating System

MacOS

Current Cursor Version (Menu → About Cursor → Copy)

Version: 2.0.60
VSCode Version: 1.99.3
Commit: c6d93c13f57509f77eb65783b28e75a857b74c00
Date: 2025-11-05T00:50:54.645Z
Electron: 37.7.0
Chromium: 138.0.7204.251
Node.js: 22.20.0
V8: 13.8.258.32-electron.0
OS: Darwin arm64 24.6.0

Does this stop you from using Cursor

Sometimes - I can sometimes use Cursor

sanjeed5 · November 7, 2025, 11:34am

Thanks for the report, I’ve raised it with the team.

aldentharwood · November 14, 2025, 6:43pm

@sanjeed5 any update here? this is actually a pretty brutal bug and is really slowing down our development since we had to turn command allowlisting off entirely to avoid it having free reign over any commands. It runs cd before everything, so we had to remove that and thus now have to approve every single command run

sanjeed5 · November 17, 2025, 12:19pm

Hey @aldentharwood, thanks for the report. This was fixed quite a while back and I’m not able to reproduce this.

Can you check if this is happening for you on the latest version?

To help investigate further, could you please share:

Example command that bypassed your allowlist (e.g., cd /path && rm file)
Request ID when this happens: CMD/CTRL + Shift + P > Report AI Action > Copy Request ID

Thanks!

aldentharwood · November 19, 2025, 7:25pm

@sanjeed5 Oh great, wasn’t aware. I haven’t seen it happen yet today after turning sandbox back on, so things look good. will let you know if I see it again

system · December 11, 2025, 7:25pm

This topic was automatically closed 22 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
`cd` and allowlist Bug Reports	2	85	October 21, 2025
Allowlist ignored [not reproduced] Bug Reports	1	61	August 26, 2025
Agents git committing when they shouldn't Bug Reports	3	44	December 4, 2025
Agent running commands that are not on allowlist Bug Reports	3	21	December 15, 2025
Running in Sandbox vs Allowlist Bug Reports	2	266	November 24, 2025