CVE-2026-30615
Prompt Injection in Windsurf Allows Remote Command Execution
Publication date: 2026-04-15
Last updated on: 2026-04-15
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a prompt injection issue in Windsurf version 1.9544.26. It allows remote attackers to execute arbitrary commands on a victim's system by sending malicious HTML content. When Windsurf processes this attacker-controlled HTML, it can cause unauthorized changes to the local MCP configuration and automatically register a malicious MCP STDIO server. This leads to execution of arbitrary commands without any further user interaction.
How can this vulnerability impact me? :
Exploitation of this vulnerability can allow attackers to execute commands on behalf of the user, persist malicious changes to the MCP configuration, and gain access to sensitive information exposed through the application. This can lead to unauthorized control over the system and potential data breaches.