Skip to main content

Warp CVE-2026-48731

| EUVDEUVD-2026-39015 HIGH
OS Command Injection (CWE-78)
2026-06-24 GitHub_M
7.8
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vuln.today AI
7.8 HIGH

Local attacker-controlled file path (AV:L) with no prior privileges (PR:N) but mandatory victim action of opening the file (UI:R) yields code execution as the user, so C/I/A all High.

3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch available
Jun 24, 2026 - 19:17 EUVD
Source Code Evidence Fetched
Jun 24, 2026 - 18:19 vuln.today
Analysis Generated
Jun 24, 2026 - 18:19 vuln.today
CVE Published
Jun 24, 2026 - 17:30 cve.org
HIGH 7.8

DescriptionCVE.org

Warp is an agentic development environment. From 0.2024.02.20.08.01.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection issue in the Linux external editor launcher. Warp expanded freedesktop .desktop Exec templates for affected editor integrations and executed the expanded command through a shell. A user who opens an attacker-controlled local file path through an affected external editor or system-default editor route can cause shell syntax embedded in that path to execute as the local user. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.

AnalysisAI

Command injection in the Warp agentic development environment (Linux builds 0.2024.02.20.08.01.stable_01 through pre-0.2026.05.06.15.42.stable_01) lets an attacker run arbitrary shell commands as the local user when a victim opens a maliciously named file through an affected external or system-default editor route. Warp expanded freedesktop .desktop Exec templates and passed the result to a shell, so shell metacharacters embedded in a file path are interpreted rather than treated as data. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft file path with embedded shell syntax
Delivery
Deliver file to victim (repo/archive/share)
Exploit
Victim opens it via Warp external editor
Execution
Exec template expanded and passed to shell
Persist
Embedded syntax executes as local user
Impact
Full code execution at user privilege

Vulnerability AssessmentAI

Exploitation Requires the Warp external editor launcher on Linux to expand a freedesktop .desktop Exec template for an affected editor integration or the system-default editor route, and the victim must actively open an attacker-controlled local file path whose name/path contains shell metacharacters (UI:R). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, 7.8 High) is internally consistent with the description: exploitation is local (the attacker must get a crafted file path in front of the victim), low complexity, needs no prior privileges, but requires the victim to actively open the file (UI:R), yielding full confidentiality/integrity/availability impact as the local user. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker delivers a repository, archive, or shared folder containing a file whose name embeds shell syntax (for example a backtick or $() sequence). When the victim opens that file in Warp via an affected external/system-default editor on Linux, Warp expands it into a shell command line and the embedded syntax executes as the victim's user. …
Remediation Vendor-released patch: 0.2026.05.06.15.42.stable_01 - upgrade Warp on Linux to this release or later, which replaces shell-based Exec expansion with a spec-compliant tokenizer that runs the editor binary directly without a shell. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Audit Warp deployment across development teams and notify users of the vulnerability; restrict access to external editor functionality where possible. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Warp

View all
CVE-2022-3320 CRITICAL
9.8 Oct 28

It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint'

CVE-2026-48732 HIGH
8.8 Jun 24

Command injection in Warp's legacy SSH background command path lets an attacker-controlled remote host inject shell synt

CVE-2026-48704 HIGH
8.8 Jun 24

Arbitrary code execution in the Warp agentic development environment (builds 0.2023.10.24.08.03.stable_00 through 0.2026

CVE-2026-48720 HIGH
8.8 Jun 24

Arbitrary local file write in Warp terminal (0.2025.03.05.08.02.stable_00 through builds before 0.2026.05.06.15.42.stabl

CVE-2022-3512 HIGH
8.8 Oct 28

Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" f

CVE-2026-48721 HIGH
8.6 Jun 24

Command-execution permission bypass in Warp's default unsandboxed CLI agent profile (versions 0.2025.10.08.08.12.stable_

CVE-2026-48719 HIGH
8.0 Jun 24

Command injection in Warp's prompt branch-selector chip lets a crafted Git branch name execute in the victim's shell whe

CVE-2026-48725 HIGH
8.1 Jun 24

Clipboard hijacking in the Warp agentic terminal (versions 0.2021.04.25.23.05.stable_00 through 0.2026.05.06.15.42.stabl

CVE-2026-48703 HIGH
7.8 Jun 24

OS command injection in Warp's AI Agent code-search tooling allows attacker-controlled inputs to escape read-only search

CVE-2023-0652 HIGH
7.8 Apr 06

Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WA

CVE-2023-1412 HIGH
7.8 Apr 05

An unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for

CVE-2022-2225 HIGH
7.8 Jul 26

By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to b

Share

CVE-2026-48731 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy