Skip to main content

Warp CVE-2026-48725

| EUVDEUVD-2026-39010 HIGH
Incorrect Default Permissions (CWE-276)
2026-06-24 GitHub_M
8.1
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
8.1 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
vuln.today AI
8.1 HIGH

Triggered by remote output with no auth (AV:N/PR:N), low complexity, but the victim must render the output (UI:R); clipboard read leaks secrets (C:H) and clipboard write enables paste-injection (I:H), no availability impact.

3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 24, 2026 - 18:16 vuln.today
Analysis Generated
Jun 24, 2026 - 18:16 vuln.today

DescriptionCVE.org

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp allows terminal output to request access to the local system clipboard. A malicious remote host, remote program, or other attacker-controlled terminal output source can trigger clipboard reads or writes without a separate confirmation step. This crosses the trust boundary between untrusted terminal output and the user's local desktop clipboard. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.

AnalysisAI

Clipboard hijacking in the Warp agentic terminal (versions 0.2021.04.25.23.05.stable_00 through 0.2026.05.06.15.42.stable_01) lets attacker-controlled terminal output read and write the host desktop clipboard via OSC 52 escape sequences with no confirmation prompt. Any malicious remote host, compromised program, or hostile output stream rendered in the terminal can silently exfiltrate clipboard contents (e.g. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Lure victim to render hostile output
Delivery
Stream OSC 52 escape in terminal
Exploit
Warp honors clipboard read/write unprompted
Execution
Exfiltrate clipboard secrets or inject paste payload
Impact
Optional shell paste executes attacker command

Vulnerability AssessmentAI

Exploitation Exploitation requires that the victim render attacker-controlled terminal output inside a vulnerable Warp build (0.2021.04.25.23.05.stable_00 through pre-0.2026.05.06.15.42.stable_01) - the malicious source can be a remote host the user SSHes to, a remote program, or any output stream the terminal displays - and that output must contain OSC 52 clipboard escape sequences. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N (8.1 High) is internally consistent with the description: the trigger reaches the victim over the network (a remote host or remote program's output), requires no authentication or special privilege, and is low-complexity, but does require user interaction in the sense that the victim must render the malicious output in their Warp terminal. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker hosts a malicious server (or a trojaned CLI tool/log file) whose output embeds an OSC 52 read sequence; when a developer connects or views that output in a pre-fix Warp, the terminal silently returns the host clipboard into the stream, leaking any copied API key or password. Alternatively the output writes attacker-chosen text (e.g. …
Remediation Vendor-released patch: upgrade Warp to 0.2026.05.06.15.42.stable_01 or later, which adds a terminal.osc52_clipboard_access policy that defaults to 'deny' for all OSC 52 clipboard operations. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Identify all systems running affected Warp terminal versions (0.2021.04.25.23.05.stable_00 through 0.2026.05.06.15.42.stable_01); restrict SSH access from untrusted networks; notify users and request credential rotation. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Warp

View all
CVE-2022-3320 CRITICAL
9.8 Oct 28

It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint'

CVE-2026-48732 HIGH
8.8 Jun 24

Command injection in Warp's legacy SSH background command path lets an attacker-controlled remote host inject shell synt

CVE-2026-48704 HIGH
8.8 Jun 24

Arbitrary code execution in the Warp agentic development environment (builds 0.2023.10.24.08.03.stable_00 through 0.2026

CVE-2026-48720 HIGH
8.8 Jun 24

Arbitrary local file write in Warp terminal (0.2025.03.05.08.02.stable_00 through builds before 0.2026.05.06.15.42.stabl

CVE-2022-3512 HIGH
8.8 Oct 28

Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" f

CVE-2026-48721 HIGH
8.6 Jun 24

Command-execution permission bypass in Warp's default unsandboxed CLI agent profile (versions 0.2025.10.08.08.12.stable_

CVE-2026-48719 HIGH
8.0 Jun 24

Command injection in Warp's prompt branch-selector chip lets a crafted Git branch name execute in the victim's shell whe

CVE-2026-48731 HIGH
7.8 Jun 24

Command injection in the Warp agentic development environment (Linux builds 0.2024.02.20.08.01.stable_01 through pre-0.2

CVE-2026-48703 HIGH
7.8 Jun 24

OS command injection in Warp's AI Agent code-search tooling allows attacker-controlled inputs to escape read-only search

CVE-2023-0652 HIGH
7.8 Apr 06

Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WA

CVE-2023-1412 HIGH
7.8 Apr 05

An unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for

CVE-2022-2225 HIGH
7.8 Jul 26

By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to b

Share

CVE-2026-48725 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy