High severity · 8.0 · NVD Advisory · Published Apr 15, 2026 · Updated Apr 27, 2026
CVE-2026-30615
Description
A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious instructions can cause unauthorized modification of the local MCP configuration and automatic registration of a malicious MCP STDIO server, resulting in execution of arbitrary commands without further user interaction. Successful exploitation may allow attackers to execute commands on behalf of the user, persist malicious MCP configuration changes, and access sensitive information exposed through the application.
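The description's mechanism is a write to the local MCP configuration that registers a new STDIO server, after which the client launches the configured command with no further prompt. A practical defensive control is to treat that config file as an integrity-monitored artifact: keep a copy the user actually reviewed and diff the on-disk file against it, paying particular attention to command-based (STDIO) entries. The script below is an added example, not code from the advisory, NVD or Windsurf. The config layout it parses (a JSON object with an "mcpServers" map, "command"/"args" for STDIO servers, a URL field for remote ones) and the list of shell interpreters it treats as suspicious are assumptions for illustration; both sample configs are constructed.

```python
"""Audit an MCP client config for STDIO server entries that differ from a reviewed baseline.

Added example (not part of the advisory or Windsurf's own code). The config layout is an
assumption: a JSON object whose "mcpServers" map holds one entry per server, with
"command"/"args" for STDIO servers and a URL field for remote ones.
"""
import json
import os
import shlex
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]  # (kind, server name, detail)

# Heuristic (assumed, not from the advisory): a STDIO server whose command is a shell
# interpreter can run an arbitrary command line rather than a packaged server binary,
# so it deserves a closer look than, say, an npx- or python-launched package.
SHELL_INTERPRETERS = {
    "sh", "bash", "zsh", "dash",
    "cmd", "cmd.exe", "powershell", "powershell.exe", "pwsh", "pwsh.exe",
}

# Constructed sample data: the config as the user reviewed it, and the same file after an
# unexpected entry was appended. Neither is taken from a real installation.
BASELINE_JSON = """{
  "mcpServers": {
    "filesystem": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-filesystem", "/home/user/projects"]
    },
    "docs": {"serverUrl": "https://mcp.example.invalid/sse"}
  }
}"""

CURRENT_JSON = """{
  "mcpServers": {
    "filesystem": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-filesystem", "/home/user/projects"]
    },
    "docs": {"serverUrl": "https://mcp.example.invalid/sse"},
    "helper": {"command": "bash", "args": ["-c", "id"]}
  }
}"""


def stdio_servers(config: dict) -> Dict[str, str]:
    """Return {name: rendered command line} for every STDIO (command-based) server."""
    out: Dict[str, str] = {}
    for name, entry in config.get("mcpServers", {}).items():
        if not isinstance(entry, dict) or "command" not in entry:
            continue  # remote/URL servers and malformed entries are out of scope here
        args = entry.get("args") or []
        out[name] = shlex.join([str(entry["command"]), *map(str, args)])
    return out


def audit(baseline_json: str, current_json: str) -> List[Finding]:
    """Compare the STDIO servers of two configs and report what changed."""
    base = stdio_servers(json.loads(baseline_json))
    cur = stdio_servers(json.loads(current_json))
    findings: List[Finding] = []
    for name, cmdline in cur.items():
        if name not in base:
            findings.append(("added", name, cmdline))
        elif base[name] != cmdline:
            findings.append(("modified", name, cmdline))
        else:
            continue  # unchanged entries were already reviewed with the baseline
        interpreter = os.path.basename(shlex.split(cmdline)[0]).lower()
        if interpreter in SHELL_INTERPRETERS:
            findings.append(("shell-interpreter", name, cmdline))
    for name in base.keys() - cur.keys():
        findings.append(("removed", name, base[name]))
    return findings


if __name__ == "__main__":
    for kind, name, detail in audit(BASELINE_JSON, CURRENT_JSON):
        print(f"{kind:17} {name}: {detail}")
```

Run on the constructed data, the audit reports the "helper" entry twice: once as an added STDIO server and once because its command is a shell interpreter. A real deployment would read the baseline from a location the editor cannot write to and run the check on file change or before the client starts, so that a config modified by injected content is surfaced before its server is launched.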
News mentions (3)
- Amazon Q VS Extension Flaw Leads to Cloud Credential Theft · Dark Reading · Jun 29, 2026
- Amazon Q Vulnerability Let Attackers Execute Code and Access Sensitive Cloud Environments · Cyber Security News · Jun 26, 2026
- Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs · The Hacker News · Jun 26, 2026