10 vulnerabilities by warpdotdev
CVE-2026-48704 (GCVE-0-2026-48704)
Vulnerability from cvelistv5 – Published: 2026-06-24 17:35 – Updated: 2026-06-24 17:57
Title
Warp Markdown notebook links may open executable local files
Summary
Warp is an agentic development environment. From 0.2023.10.24.08.03.stable_00 until 0.2026.05.06.15.42.stable_01, Warp may open executable local files through the operating system default file handler. A malicious Markdown document or project can contain a local-file link that appears as normal rendered content. If a user opens the Markdown in Warp and clicks the link, affected builds may route the resolved local file to a platform file opener instead of limiting the action to safe viewer/editor targets. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/warpdotdev/warp/security/advis… | x_refsource_CONFIRM |
| https://github.com/warpdotdev/warp/commit/7f0c4dd… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| warpdotdev | warp | Affected: >= 0.2023.10.24.08.03.stable_00, < 0.2026.05.13.09.15.stable_01 | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48704",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-24T17:57:32.306645Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T17:57:45.317Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "warp",
"vendor": "warpdotdev",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.2023.10.24.08.03.stable_00, \u003c 0.2026.05.13.09.15.stable_01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Warp is an agentic development environment. From 0.2023.10.24.08.03.stable_00 until 0.2026.05.06.15.42.stable_01, Warp may open executable local files through the operating system default file handler. A malicious Markdown document or project can contain a local-file link that appears as normal rendered content. If a user opens the Markdown in Warp and clicks the link, affected builds may route the resolved local file to a platform file opener instead of limiting the action to safe viewer/editor targets. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T17:35:02.730Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/warpdotdev/warp/security/advisories/GHSA-589x-4mxh-jcrf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/warpdotdev/warp/security/advisories/GHSA-589x-4mxh-jcrf"
},
{
"name": "https://github.com/warpdotdev/warp/commit/7f0c4dd2322198f1b39890f8e6bcdc606c6a3c74",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/warpdotdev/warp/commit/7f0c4dd2322198f1b39890f8e6bcdc606c6a3c74"
}
],
"source": {
"advisory": "GHSA-589x-4mxh-jcrf",
"discovery": "UNKNOWN"
},
"title": "Warp Markdown notebook links may open executable local files"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-48704",
"datePublished": "2026-06-24T17:35:02.730Z",
"dateReserved": "2026-05-22T18:47:27.754Z",
"dateUpdated": "2026-06-24T17:57:45.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48719 (GCVE-0-2026-48719)
Vulnerability from cvelistv5 – Published: 2026-06-24 17:33 – Updated: 2026-06-24 19:03
Title
Warp branch selector command injection via Git branch names
Summary
Warp is an agentic development environment. From 0.2025.08.06.08.12.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection in the prompt branch selector. A user who can publish a branch to a Git repository opened in Warp can cause a crafted branch name to be interpreted by the victim's shell if the victim selects that branch from the UI. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.
Severity
8.0 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/warpdotdev/warp/security/advis… | x_refsource_CONFIRM |
| https://github.com/warpdotdev/warp/commit/4295ec0… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| warpdotdev | warp | Affected: >= 0.2025.08.06.08.12.stable_00, < 0.2026.05.13.09.15.stable_01 | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48719",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-24T19:03:06.614295Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T19:03:22.554Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "warp",
"vendor": "warpdotdev",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.2025.08.06.08.12.stable_00, \u003c 0.2026.05.13.09.15.stable_01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Warp is an agentic development environment. From 0.2025.08.06.08.12.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection in the prompt branch selector. A user who can publish a branch to a Git repository opened in Warp can cause a crafted branch name to be interpreted by the victim\u0027s shell if the victim selects that branch from the UI. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T17:33:55.387Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/warpdotdev/warp/security/advisories/GHSA-hgvx-4xvm-39pw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/warpdotdev/warp/security/advisories/GHSA-hgvx-4xvm-39pw"
},
{
"name": "https://github.com/warpdotdev/warp/commit/4295ec08d01912fe355351547e541277f29288cd",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/warpdotdev/warp/commit/4295ec08d01912fe355351547e541277f29288cd"
}
],
"source": {
"advisory": "GHSA-hgvx-4xvm-39pw",
"discovery": "UNKNOWN"
},
"title": "Warp branch selector command injection via Git branch names"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-48719",
"datePublished": "2026-06-24T17:33:55.387Z",
"dateReserved": "2026-05-22T18:47:27.756Z",
"dateUpdated": "2026-06-24T19:03:22.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48720 (GCVE-0-2026-48720)
Vulnerability from cvelistv5 – Published: 2026-06-24 17:32 – Updated: 2026-06-25 19:56
Title
Warp: SSH remote output can lead to local file overwrite and persistence
Summary
Warp is an agentic development environment. From 0.2025.03.05.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepts non-inline `OSC 1337;File` payloads from terminal output and materializes the decoded payload as a local file without an additional confirmation step. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/warpdotdev/warp/security/advis… | x_refsource_CONFIRM |
| https://github.com/warpdotdev/warp/commit/f3b9ce1… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| warpdotdev | warp | Affected: >= 0.2025.03.05.08.02.stable_00, < 0.2026.05.13.09.15.stable_01 | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48720",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T19:56:00.076148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T19:56:08.070Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "warp",
"vendor": "warpdotdev",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.2025.03.05.08.02.stable_00, \u003c 0.2026.05.13.09.15.stable_01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Warp is an agentic development environment. From 0.2025.03.05.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepts non-inline `OSC 1337;File` payloads from terminal output and materialize the decoded payload as a local file without an additional confirmation step. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T17:32:50.763Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/warpdotdev/warp/security/advisories/GHSA-5h96-jrrq-6hxq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/warpdotdev/warp/security/advisories/GHSA-5h96-jrrq-6hxq"
},
{
"name": "https://github.com/warpdotdev/warp/commit/f3b9ce1c8fd13d037526c447418d809087722daa",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/warpdotdev/warp/commit/f3b9ce1c8fd13d037526c447418d809087722daa"
}
],
"source": {
"advisory": "GHSA-5h96-jrrq-6hxq",
"discovery": "UNKNOWN"
},
"title": "Warp: SSH remote output can lead to local file overwrite and persistence"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-48720",
"datePublished": "2026-06-24T17:32:50.763Z",
"dateReserved": "2026-05-22T18:47:27.756Z",
"dateUpdated": "2026-06-25T19:56:08.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48721 (GCVE-0-2026-48721)
Vulnerability from cvelistv5 – Published: 2026-06-24 17:31 – Updated: 2026-06-25 17:06
Title
Warp: Env-var prefixes can lead to denylisted command autoexecution
Summary
Warp is an agentic development environment. From 0.2025.10.08.08.12.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command execution permission-check bypass in the default unsandboxed CLI agent profile. The CLI profile is non-interactive and relies on a command denylist as a safety boundary for commands that should require confirmation. Because command strings were checked before canonicalizing leading environment-variable assignments, an attacker who can influence the agent's command output may cause denylisted commands to be treated as non-denylisted. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.
Severity
8.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
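CWE
- CWE-180 - Incorrect Behavior Order: Validate Before Canonicalize
- CWE-693 - Protection Mechanism Failure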
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/warpdotdev/warp/security/advis… | x_refsource_CONFIRM |
| https://github.com/warpdotdev/warp/commit/0c1e243… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| warpdotdev | warp | Affected: >= 0.2025.10.08.08.12.stable_00, < 0.2026.05.13.09.15.stable_01 | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48721",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T17:06:00.971042Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T17:06:14.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "warp",
"vendor": "warpdotdev",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.2025.10.08.08.12.stable_00, \u003c 0.2026.05.13.09.15.stable_01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Warp is an agentic development environment. From 0.2025.10.08.08.12.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command execution permission-check bypass in the default unsandboxed CLI agent profile. The CLI profile is non-interactive and relies on a command denylist as a safety boundary for commands that should require confirmation. Because command strings were checked before canonicalizing leading environment-variable assignments, an attacker who can influence the agent\u0027s command output may cause denylisted commands to be treated as non-denylisted. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-180",
"description": "CWE-180: Incorrect Behavior Order: Validate Before Canonicalize",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693: Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T17:31:15.365Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/warpdotdev/warp/security/advisories/GHSA-3839-h8jj-ph82",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/warpdotdev/warp/security/advisories/GHSA-3839-h8jj-ph82"
},
{
"name": "https://github.com/warpdotdev/warp/commit/0c1e243292c642d9a7748f80813b6fdfc0b31a9e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/warpdotdev/warp/commit/0c1e243292c642d9a7748f80813b6fdfc0b31a9e"
}
],
"source": {
"advisory": "GHSA-3839-h8jj-ph82",
"discovery": "UNKNOWN"
},
"title": "Warp: Env-var prefixes can lead to denylisted command autoexecution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-48721",
"datePublished": "2026-06-24T17:31:15.365Z",
"dateReserved": "2026-05-22T18:47:27.756Z",
"dateUpdated": "2026-06-25T17:06:14.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48731 (GCVE-0-2026-48731)
Vulnerability from cvelistv5 – Published: 2026-06-24 17:30 – Updated: 2026-06-24 18:25
Title
Warp: Linux external editor command injection
Summary
Warp is an agentic development environment. From 0.2024.02.20.08.01.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection issue in the Linux external editor launcher. Warp expanded freedesktop .desktop Exec templates for affected editor integrations and executed the expanded command through a shell. A user who opens an attacker-controlled local file path through an affected external editor or system-default editor route can cause shell syntax embedded in that path to execute as the local user. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/warpdotdev/warp/security/advis… | x_refsource_CONFIRM |
| https://github.com/warpdotdev/warp/commit/861dace… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| warpdotdev | warp | Affected: >= 0.2024.02.20.08.01.stable_01, < 0.2026.05.13.09.15.stable_01 | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48731",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-24T18:12:40.501473Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T18:25:49.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "warp",
"vendor": "warpdotdev",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.2024.02.20.08.01.stable_01, \u003c 0.2026.05.13.09.15.stable_01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Warp is an agentic development environment. From 0.2024.02.20.08.01.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection issue in the Linux external editor launcher. Warp expanded freedesktop .desktop Exec templates for affected editor integrations and executed the expanded command through a shell. A user who opens an attacker-controlled local file path through an affected external editor or system-default editor route can cause shell syntax embedded in that path to execute as the local user. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T17:30:17.637Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/warpdotdev/warp/security/advisories/GHSA-7xgc-mhc8-g7wc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/warpdotdev/warp/security/advisories/GHSA-7xgc-mhc8-g7wc"
},
{
"name": "https://github.com/warpdotdev/warp/commit/861dacea2683f2fe263c3c3a1381c3cbb2b66809",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/warpdotdev/warp/commit/861dacea2683f2fe263c3c3a1381c3cbb2b66809"
}
],
"source": {
"advisory": "GHSA-7xgc-mhc8-g7wc",
"discovery": "UNKNOWN"
},
"title": "Warp: Linux external editor command injection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-48731",
"datePublished": "2026-06-24T17:30:17.637Z",
"dateReserved": "2026-05-22T19:10:35.745Z",
"dateUpdated": "2026-06-24T18:25:49.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48732 (GCVE-0-2026-48732)
Vulnerability from cvelistv5 – Published: 2026-06-24 17:29 – Updated: 2026-06-24 17:58
Title
Warp: Remote SSH cwd can lead to unauthorized remote command execution
Summary
Warp is an agentic development environment. From 0.2023.03.21.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working directory reported by the session when building helper commands for SSH-backed metadata collection. A remote host, repository, or directory name controlled by an attacker could cause that helper command to execute additional shell syntax on the remote host as the victim's authenticated SSH account. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/warpdotdev/warp/security/advis… | x_refsource_CONFIRM |
| https://github.com/warpdotdev/warp/commit/88c344e… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| warpdotdev | warp | Affected: >= 0.2023.03.21.08.02.stable_00, < 0.2026.05.13.09.15.stable_01 | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48732",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-24T17:58:22.210435Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T17:58:34.065Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "warp",
"vendor": "warpdotdev",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.2023.03.21.08.02.stable_00, \u003c 0.2026.05.13.09.15.stable_01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Warp is an agentic development environment. From 0.2023.03.21.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working directory reported by the session when building helper commands for SSH-backed metadata collection. A remote host, repository, or directory name controlled by an attacker could cause that helper command to execute additional shell syntax on the remote host as the victim\u0027s authenticated SSH account. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T17:29:11.497Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/warpdotdev/warp/security/advisories/GHSA-qqpc-wvvw-4269",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/warpdotdev/warp/security/advisories/GHSA-qqpc-wvvw-4269"
},
{
"name": "https://github.com/warpdotdev/warp/commit/88c344e2de662a935f0ef0896458494ef2413add",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/warpdotdev/warp/commit/88c344e2de662a935f0ef0896458494ef2413add"
}
],
"source": {
"advisory": "GHSA-qqpc-wvvw-4269",
"discovery": "UNKNOWN"
},
"title": "Warp: Remote SSH cwd can lead to unauthorized remote command execution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-48732",
"datePublished": "2026-06-24T17:29:11.497Z",
"dateReserved": "2026-05-22T19:10:35.746Z",
"dateUpdated": "2026-06-24T17:58:34.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-54686 (GCVE-0-2026-54686)
Vulnerability from cvelistv5 – Published: 2026-06-24 17:28 – Updated: 2026-06-25 17:05
Title
Warp: DCS lifecycle hook spoofing can alter terminal session metadata
Summary
Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepted certain state-mutating terminal lifecycle hooks from the PTY stream without verifying that the hooks were emitted by Warp's shell integration for the active session. An attacker who could cause a victim to view attacker-controlled terminal output in Warp could spoof selected lifecycle metadata, including the current working directory reported for the active block or SSH session transport metadata. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
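CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')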
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/warpdotdev/warp/security/advis… | x_refsource_CONFIRM |
| https://github.com/warpdotdev/warp/commit/32d21d1… | x_refsource_MISC |
| https://github.com/warpdotdev/warp/commit/51bd326… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| warpdotdev | warp | Affected: >= 0.2021.04.25.23.05.stable_00, < 0.2026.05.13.09.15.stable_01 | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54686",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T17:04:59.234400Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T17:05:10.711Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "warp",
"vendor": "warpdotdev",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.2021.04.25.23.05.stable_00, \u003c 0.2026.05.13.09.15.stable_01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepted certain state-mutating terminal lifecycle hooks from the PTY stream without verifying that the hooks were emitted by Warp\u0027s shell integration for the active session. An attacker who could cause a victim to view attacker-controlled terminal output in Warp could spoof selected lifecycle metadata, including the current working directory reported for the active block or SSH session transport metadata. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T17:28:12.027Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/warpdotdev/warp/security/advisories/GHSA-9w2v-jhww-vm85",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/warpdotdev/warp/security/advisories/GHSA-9w2v-jhww-vm85"
},
{
"name": "https://github.com/warpdotdev/warp/commit/32d21d15c9a3da1a923d1ed66226cf5cba081d16",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/warpdotdev/warp/commit/32d21d15c9a3da1a923d1ed66226cf5cba081d16"
},
{
"name": "https://github.com/warpdotdev/warp/commit/51bd3267803c5cc0a45074fa19fd50162be7c917",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/warpdotdev/warp/commit/51bd3267803c5cc0a45074fa19fd50162be7c917"
}
],
"source": {
"advisory": "GHSA-9w2v-jhww-vm85",
"discovery": "UNKNOWN"
},
"title": "Warp: DCS lifecycle hook spoofing can alter terminal session metadata"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-54686",
"datePublished": "2026-06-24T17:28:12.027Z",
"dateReserved": "2026-06-15T22:53:58.561Z",
"dateUpdated": "2026-06-25T17:05:10.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-54699 (GCVE-0-2026-54699)
Vulnerability from cvelistv5 – Published: 2026-06-24 17:26 – Updated: 2026-06-25 13:18
Title
Warp: OS command injection when opening terminal links from WSL
Summary
Warp is an agentic development environment. From 0.2024.03.12.08.02.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains an OS command injection vulnerability in the WSL URL-opening fallback. When Warp is running under WSL and cannot open a URL through wslview, it falls back to a Windows command processor path. A URL controlled through terminal output can reach that fallback when the user opens the link. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.
Severity
7.7 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
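CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
- CWE-116 - Improper Encoding or Escaping of Output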
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/warpdotdev/warp/security/advis… | x_refsource_CONFIRM |
| https://github.com/warpdotdev/warp/commit/c66cff4… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| warpdotdev | warp | Affected: >= 0.2024.03.12.08.02.stable_01, < 0.2026.05.13.09.15.stable_01 | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54699",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T13:18:26.007037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T13:18:33.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "warp",
"vendor": "warpdotdev",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.2024.03.12.08.02.stable_01, \u003c 0.2026.05.13.09.15.stable_01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Warp is an agentic development environment. From 0.2024.03.12.08.02.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains an OS command injection vulnerability in the WSL URL-opening fallback. When Warp is running under WSL and cannot open a URL through wslview, it falls back to a Windows command processor path. A URL controlled through terminal output can reach that fallback when the user opens the link. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116: Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T17:26:57.170Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/warpdotdev/warp/security/advisories/GHSA-xmw3-wj6r-48m4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/warpdotdev/warp/security/advisories/GHSA-xmw3-wj6r-48m4"
},
{
"name": "https://github.com/warpdotdev/warp/commit/c66cff48afba73bb1f26f82e5d524018bacb748e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/warpdotdev/warp/commit/c66cff48afba73bb1f26f82e5d524018bacb748e"
}
],
"source": {
"advisory": "GHSA-xmw3-wj6r-48m4",
"discovery": "UNKNOWN"
},
"title": "Warp: OS command injection when opening terminal links from WSL"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-54699",
"datePublished": "2026-06-24T17:26:57.170Z",
"dateReserved": "2026-06-15T22:58:06.562Z",
"dateUpdated": "2026-06-25T13:18:33.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48703 (GCVE-0-2026-48703)
Vulnerability from cvelistv5 – Published: 2026-06-24 17:25 – Updated: 2026-06-24 18:29
Title
Warp: Command Injection via Warp code search tool arguments
Summary
Warp is an agentic development environment. From 0.2025.04.09.08.11.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command execution policy bypass in Agent code search tools. The affected Grep and FileGlob actions are authorized as read/search operations, but their implementations build shell command strings from Agent-controlled inputs (search text, paths, glob patterns) and execute them in the active terminal session. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/warpdotdev/warp/security/advis… | x_refsource_CONFIRM |
| https://github.com/warpdotdev/warp/commit/43f4f48… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| warpdotdev | warp | Affected: >= 0.2025.04.09.08.11.stable_00, < 0.2026.05.13.09.15.stable_01 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48703",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-24T18:28:49.401990Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T18:29:25.818Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "warp",
"vendor": "warpdotdev",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.2025.04.09.08.11.stable_00, \u003c 0.2026.05.13.09.15.stable_01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Warp is an agentic development environment. From 0.2025.04.09.08.11.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command execution policy bypass in Agent code search tools. The affected Grep and FileGlob actions are authorized as read/search operations, but their implementations build shell command strings from Agent-controlled inputs (search text, paths, glob patterns) and execute them in the active terminal session. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T17:25:34.902Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/warpdotdev/warp/security/advisories/GHSA-8r78-7jwh-m6hm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/warpdotdev/warp/security/advisories/GHSA-8r78-7jwh-m6hm"
},
{
"name": "https://github.com/warpdotdev/warp/commit/43f4f483e0c2dd253d2aaa8a495b2d71f0208c40",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/warpdotdev/warp/commit/43f4f483e0c2dd253d2aaa8a495b2d71f0208c40"
}
],
"source": {
"advisory": "GHSA-8r78-7jwh-m6hm",
"discovery": "UNKNOWN"
},
"title": "Warp: Command Injection via Warp code search tool arguments"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-48703",
"datePublished": "2026-06-24T17:25:34.902Z",
"dateReserved": "2026-05-22T18:47:27.754Z",
"dateUpdated": "2026-06-24T18:29:25.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48725 (GCVE-0-2026-48725)
Vulnerability from cvelistv5 – Published: 2026-06-24 17:22 – Updated: 2026-06-25 13:19
Title
Warp may allow terminal output to access the local clipboard through OSC 52
Summary
Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp allows terminal output to request access to the local system clipboard. A malicious remote host, remote program, or other attacker-controlled terminal output source can trigger clipboard reads or writes without a separate confirmation step. This crosses the trust boundary between untrusted terminal output and the user's local desktop clipboard. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/warpdotdev/warp/security/advis… | x_refsource_CONFIRM |
| https://github.com/warpdotdev/warp/commit/b1a41d0… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| warpdotdev | warp | Affected: >= 0.2021.04.25.23.05.stable_00, < v0.2026.05.13.09.15.stable_01 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48725",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T13:18:57.634899Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T13:19:07.246Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "warp",
"vendor": "warpdotdev",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.2021.04.25.23.05.stable_00, \u003c v0.2026.05.13.09.15.stable_01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp allows terminal output to request access to the local system clipboard. A malicious remote host, remote program, or other attacker-controlled terminal output source can trigger clipboard reads or writes without a separate confirmation step. This crosses the trust boundary between untrusted terminal output and the user\u0027s local desktop clipboard. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T17:23:41.789Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/warpdotdev/warp/security/advisories/GHSA-wgqj-4c26-7c4g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/warpdotdev/warp/security/advisories/GHSA-wgqj-4c26-7c4g"
},
{
"name": "https://github.com/warpdotdev/warp/commit/b1a41d0b1aba9f40db1e5ceb695183452a894003",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/warpdotdev/warp/commit/b1a41d0b1aba9f40db1e5ceb695183452a894003"
}
],
"source": {
"advisory": "GHSA-wgqj-4c26-7c4g",
"discovery": "UNKNOWN"
},
"title": "Warp may allow terminal output to access the local clipboard through OSC 52"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-48725",
"datePublished": "2026-06-24T17:22:46.495Z",
"dateReserved": "2026-05-22T18:47:27.757Z",
"dateUpdated": "2026-06-25T13:19:07.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}