Skip to main content

Warp CVE-2023-1412

HIGH
Improper Link Resolution Before File Access (CWE-59)
2023-04-05 cna@cloudflare.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 05, 2023 - 16:15 nvd
HIGH 7.8

DescriptionNVD

An unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows (<= 2022.12.582.0) to perform privileged operations with SYSTEM context by working with a combination of opportunistic locks (oplock) and symbolic links (which can both be created by an unprivileged user).

After installing the Cloudflare WARP Client (admin privileges required), an MSI-Installer is placed under C:\Windows\Installer. The vulnerability lies in the repair function of this MSI.

ImpactAn unprivileged (non-admin) user can exploit this vulnerability to perform privileged operations with SYSTEM context, including deleting arbitrary files and reading arbitrary file content. This can lead to a variety of attacks, including the manipulation of system files and privilege escalation.

PatchesA new installer with a fix that addresses this vulnerability was released in version 2023.3.381.0. While the WARP Client itself is not vulnerable (only the installer), users are encouraged to upgrade to the latest version and delete any older installers present in their systems.

AnalysisAI

An unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows (<= 2022.12.582.0) to perform privileged operations with SYSTEM context. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-59. An unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows (<= 2022.12.582.0) to perform privileged operations with SYSTEM context by working with a combination of opportunistic locks (oplock) and symbolic links (which can both be created by an unprivileged user). After installing the Cloudflare WARP Client (admin privileges required), an MSI-Installer is placed under C:\Windows\Installer. The vulnerability lies in the repair function of this MSI. ImpactAn unprivileged (non-admin) user can exploit this vulnerability to perform privileged operations with SYSTEM context, including deleting arbitrary files and reading arbitrary file content. This can lead to a variety of attacks, including the manipulation of system files and privilege escalation. PatchesA new installer with a fix that addresses this vulnerability was released in version 2023.3.381.0. While the WARP Client itself is not vulnerable (only the installer), users are encouraged to upgrade to the latest version and delete any older installers present in their systems. Affected products include: Cloudflare Warp. Version information: version 2023.3.381.0..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Warp

View all
CVE-2022-3320 CRITICAL
9.8 Oct 28

It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint'

CVE-2026-48732 HIGH
8.8 Jun 24

Command injection in Warp's legacy SSH background command path lets an attacker-controlled remote host inject shell synt

CVE-2026-48704 HIGH
8.8 Jun 24

Arbitrary code execution in the Warp agentic development environment (builds 0.2023.10.24.08.03.stable_00 through 0.2026

CVE-2026-48720 HIGH
8.8 Jun 24

Arbitrary local file write in Warp terminal (0.2025.03.05.08.02.stable_00 through builds before 0.2026.05.06.15.42.stabl

CVE-2022-3512 HIGH
8.8 Oct 28

Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" f

CVE-2026-48721 HIGH
8.6 Jun 24

Command-execution permission bypass in Warp's default unsandboxed CLI agent profile (versions 0.2025.10.08.08.12.stable_

CVE-2026-48719 HIGH
8.0 Jun 24

Command injection in Warp's prompt branch-selector chip lets a crafted Git branch name execute in the victim's shell whe

CVE-2026-48725 HIGH
8.1 Jun 24

Clipboard hijacking in the Warp agentic terminal (versions 0.2021.04.25.23.05.stable_00 through 0.2026.05.06.15.42.stabl

CVE-2026-48731 HIGH
7.8 Jun 24

Command injection in the Warp agentic development environment (Linux builds 0.2024.02.20.08.01.stable_01 through pre-0.2

CVE-2026-48703 HIGH
7.8 Jun 24

OS command injection in Warp's AI Agent code-search tooling allows attacker-controlled inputs to escape read-only search

CVE-2023-0652 HIGH
7.8 Apr 06

Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WA

CVE-2022-2225 HIGH
7.8 Jul 26

By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to b

Share

CVE-2023-1412 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy