CVE-2026-30615
Received Received - Intake
Prompt Injection in Windsurf Allows Remote Command Execution

Publication date: 2026-04-15

Last updated on: 2026-04-15

Assigner: MITRE

Description
A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious instructions can cause unauthorized modification of the local MCP configuration and automatic registration of a malicious MCP STDIO server, resulting in execution of arbitrary commands without further user interaction. Successful exploitation may allow attackers to execute commands on behalf of the user, persist malicious MCP configuration changes, and access sensitive information exposed through the application.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-15
Last Modified
2026-04-15
Generated
2026-06-16
AI Q&A
2026-04-15
EPSS Evaluated
2026-06-15
NVD
CVE-2026-30615
EUVD
EUVD-2026-22938
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a prompt injection issue in Windsurf version 1.9544.26. It allows remote attackers to execute arbitrary commands on a victim's system by sending malicious HTML content. When Windsurf processes this attacker-controlled HTML, it can cause unauthorized changes to the local MCP configuration and automatically register a malicious MCP STDIO server. This leads to execution of arbitrary commands without any further user interaction.

Impact Analysis

Exploitation of this vulnerability can allow attackers to execute commands on behalf of the user, persist malicious changes to the MCP configuration, and gain access to sensitive information exposed through the application. This can lead to unauthorized control over the system and potential data breaches.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-30615. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart