VYPR
Medium severityNVD Advisory· Published Oct 14, 2025· Updated Apr 15, 2026

CVE-2025-36730

CVE-2025-36730

Description

A prompt injection vulnerability exists in Windsurft version 1.10.7 in Write mode using SWE-1 model.

It is possible to create a file name that will be appended to the user prompt causing Windsurf to follow its instructions.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.