CVE-2026-30615

Name of the Vulnerable Software and Affected Versions Windsurf version 1.9544.26

Description A prompt injection issue occurs when the application processes attacker-controlled HTML content. This allows remote attackers to execute arbitrary commands on a victim system without user interaction. The flaw enables unauthorized modification of the local MCP configuration and the automatic registration of a malicious MCP STDIO server. Successful exploitation can lead to command execution on behalf of the user, persistence of malicious configuration changes, and access to sensitive information. Real-world incidents include the hijacking of the Windsurf IDE.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.