Vulnerability Scanner agent — Environment selection silently reverts to "Cloud" after saving a self-hosted Pool

Hung_Hoang_Le · May 7, 2026, 8:05am

Where does the bug appear (feature/product)?

Somewhere else…

Describe the Bug

When creating a Vulnerability Scanner background agent, the Environment dropdown offers both Cloud and Pool (Self-hosted). Selecting a self-hosted Pool and saving appears to succeed, but the setting silently reverts to the default Cloud option. This contradicts the documented behavior.

Steps to Reproduce

Steps to reproduce

Open cursor.com/dashboard/security-review → Add new Security Review Agents → Vulnerability Scanner
Under Environment → “Choose where Cloud Agent runs”, open the dropdown.
Select Pool (Self-hosted) and pick one of the available pools.
Save the agent.
Reopen the agent’s settings.

Actual
The Environment field is back to Cloud. No warning, no error — the self-hosted selection is silently dropped.
Why this matters
The official docs at Security Agents | Cursor Docs explicitly state that self-hosted Cloud Agents are a supported option for Security Review:

“You can use Cursor’s cloud with no additional setup, or configure self-hosted Cloud Agents to run reviews in your own environment.”

For teams that need source code to stay inside their own infrastructure (compliance, NDA, IP-sensitive repos), this silent fallback to Cursor Cloud is a meaningful problem — users believe they configured a self-hosted run, but scans actually execute on Cursor Cloud.

Expected Behavior

The Environment field shows the self-hosted Pool that was selected, and scheduled scans run in that environment.

Screenshots / Screen Recordings

Operating System

MacOS

Version Information

Web

Does this stop you from using Cursor

Yes - Cursor is unusable

Colin · May 7, 2026, 8:36am

Thanks for the report @Hung_Hoang_Le! This matches closely an existing issue that I thought was fixed. Following up with the team.

Hung_Hoang_Le · May 9, 2026, 10:27am

hi @Colin , any update so far ?

mohitjain · May 10, 2026, 10:58am

Hi Hung!
We recently shipped a fix for a closely related issue where self-hosted pool settings weren’t displaying correctly, but we’re still verifying whether it fully covers the Vulnerability Scanner/Security Review page specifically. I’ll follow up here once I have confirmation from the team.

Hung_Hoang_Le · May 12, 2026, 2:28am

Hi, I have tested and the issue is still there. Please help to follow up with the relevant team @mohitjain

mohitjain · May 12, 2026, 12:12pm

Thanks for confirming. We’ve identified the remaining issue. We’ve flagged this with the engineering team and they’re aware. I’ll follow up once a fix is in place.

mohitjain · May 14, 2026, 6:11pm

@Hung_Hoang_Le - a fix for this has been deployed. The self-hosted Pool selection on the Security Review / Vulnerability Scanner page should now persist correctly after saving.

Could you try setting up your Vulnerability Scanner with a self-hosted Pool again and confirm the Environment sticks after saving?

Topic		Replies	Views
Cannot save Automation with Self Hosted Agent Environment on Ultra (not using Pools and not on Team/Enterprise) Bug Reports cloud-agents , automations , linear-linked	3	55	April 28, 2026
Self-hosted worker online but empty repo list in Agents UI Bug Reports cloud-agents , cli , gitlab	3	127	April 24, 2026
How to ensure Automations and API agent runs use self-hosted workers only (not Cursor-hosted)? Help teams-enterprise , cloud-agents , automations	8	277	May 13, 2026
Can't enable self-hosted agents Help privacy-mode , cloud-agents	9	233	May 13, 2026
Cloud Agent run cannot see enabled Team MCP servers (Server "notion" not found) Bug Reports mcp , teams-enterprise , cloud-agents	7	121	May 14, 2026