CVE-2025-36730
Windsurf Prompt Injection via Filename
In short
Windsurf version 1.10.7 allows attackers to manipulate the AI model by crafting malicious filenames that get injected into user prompts, causing the AI to follow unintended instructions instead of the user's actual intent.
Technical detail
A prompt injection vulnerability in Windsurf 1.10.7 Write mode (SWE-1 model) allows concatenation of attacker-controlled filenames into the user prompt context. The attack vector requires file creation capability; impact includes AI model instruction override and potential task manipulation.
Summary generated and translated by AI from the official description.
A prompt injection vulnerability exists in Windsurft version 1.10.7 in Write mode using SWE-1 model.
It is possible to create a file name that will be appended to the user prompt causing Windsurf to follow its instructions.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Affected products
Windsurf · WindsurfWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →