Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets
Summary
Windsurf, a code editor based on VS Code with an AI coding agent called Windsurf Cascade, has security vulnerabilities that allow attackers to use prompt injection (tricking an AI by hiding instructions in its input) to steal developer secrets from a user's machine. The vulnerabilities were responsibly reported to Windsurf on May 30, 2025, but the company has not provided updates on fixes despite follow-up inquiries.
Classification
Affected Vendors
Related Issues
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
CVE-2026-30308: In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe comman
Original source: https://embracethered.com/blog/posts/2025/windsurf-data-exfiltration-vulnerabilities/
First tracked: February 12, 2026 at 02:20 PM
Classified by LLM (prompt v3) · confidence: 85%