Cursor Puts itself in more restrictive Sandbox mode

aldentharwood · January 7, 2026, 2:48pm

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

I have sandbox mode turned on with a command allowlist, but cursor still sometimes can;t run some of the allowlisted clis and says it is hitting certificate issues, even with commands that are in my allowlist and it has run before. More advanced models always figure out that they are somehow sandboxing themselves and they say “turning off sandbox mode” then they work. not sure why the agent has control over its own sandbox settings, and why its sandboxing itself more restrictively than my settings?

It’s weird too because when it says a cli isn’t working, I can just tell it to turn off sandbox then it is able to run them fine.. So its clearly not a settings issue on my side.

Steps to Reproduce

Not sure when this happens versus not, I just ask it to run something like the github cli and it works one time, then doesn’t work the second until I tell it to turn off sandbox mode then it works

Operating System

MacOS

Current Cursor Version (Menu → About Cursor → Copy)

Version: 2.2.44
VSCode Version: 1.105.1
Commit: 20adc1003928b0f1b99305dbaf845656ff81f5d0
Date: 2025-12-24T21:41:47.598Z
Electron: 37.7.0
Chromium: 138.0.7204.251
Node.js: 22.20.0
V8: 13.8.258.32-electron.0
OS: Darwin arm64 25.1.0

For AI issues: which model did you use?

auto

For AI issues: add Request ID with privacy disabled

8e1bae18-567d-4e38-8d8a-7d16d14a85d7

Does this stop you from using Cursor

Sometimes - I can sometimes use Cursor

troehrkasse · January 7, 2026, 3:46pm

This happens a lot to me too.

Agent tries to run in sandbox, fails
Agent tries again “with elevated permissions” apparently running outside sandbox. Usually this time it works

Don’t understand why the commands fail in sandbox… also what is the point of the sandbox if the agent can just decide to not use it?

deanrie · January 7, 2026, 3:46pm

Hey, thanks for the report!

This sounds related to known sandbox/allowlist interaction issues. A few questions to help debug:

Could you share the exact error message when hitting certificate issues?
When the agent says “turning off sandbox mode” - could you share a screenshot of that message?
Which specific commands are in your allowlist that fail?

Potential workaround to try:

Go to Settings - Agents - Auto Run
Enable “Legacy Terminal Tool”
This uses the older allowlist-based approach which might be more stable for your use case

Let me know if this helps or if you can share more details about the certificate errors!

system · January 29, 2026, 3:47pm

This topic was automatically closed 22 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Running in Sandbox vs Allowlist Help	2	666	November 24, 2025
Sandbox mode makes using cursor annoying Bug Reports	4	704	December 6, 2025
How do I disable sandbox when agent wants to run commands? Help	3	1038	November 11, 2025
Cursor Able to git commit with out user permission in sandbox mode Bug Reports	2	93	December 13, 2025
Agents git committing when they shouldn't Bug Reports	3	87	December 4, 2025