CVE-2026-30615: A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim
Summary
Windsurf version 1.9544.26 has a prompt injection vulnerability (a technique where an attacker hides instructions in content that an AI system will process, so the system treats them as legitimate input) that allows remote attackers to execute arbitrary commands on a victim's computer. When Windsurf processes attacker-controlled HTML content, it can be tricked into automatically registering a malicious MCP STDIO server (a Model Context Protocol server that runs as a local process and is driven over standard input/output, which means registering one amounts to launching an attacker-chosen command), giving attackers the ability to run commands without the user's knowledge.
Vulnerability Details
EPSS: 0.0%
April 15, 2026
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-30615
First tracked: April 15, 2026 at 02:09 PM