Skip to main content

Warp Terminal EUVDEUVD-2026-39012

| CVE-2026-54699 HIGH
OS Command Injection (CWE-78)
2026-06-24 GitHub_M
7.7
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
7.7 HIGH
AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
vuln.today AI
7.7 HIGH

Trigger arrives via local terminal output (AV:L), depends on the non-default wslview-failure fallback (AC:H), needs a victim click (UI:R), and command execution crosses WSL into the Windows host (S:C, C/I/A:H).

3.1 AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
4.0 AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch available
Jun 24, 2026 - 19:17 EUVD
Source Code Evidence Fetched
Jun 24, 2026 - 18:17 vuln.today
Analysis Generated
Jun 24, 2026 - 18:17 vuln.today
CVE Published
Jun 24, 2026 - 17:26 cve.org
HIGH 7.7

DescriptionCVE.org

Warp is an agentic development environment. From 0.2024.03.12.08.02.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains an OS command injection vulnerability in the WSL URL-opening fallback. When Warp is running under WSL and cannot open a URL through wslview, it falls back to a Windows command processor path. A URL controlled through terminal output can reach that fallback when the user opens the link. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.

AnalysisAI

OS command injection in Warp (the agentic terminal/development environment) affects builds from 0.2024.03.12.08.02.stable_01 up to the fix in 0.2026.05.06.15.42.stable_01 when running under Windows Subsystem for Linux. When wslview cannot open a URL, Warp falls back to a Windows command processor (cmd.exe /c start), so a malicious URL emitted into terminal output executes attacker-controlled Windows commands once the user clicks the link. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious URL with Windows metacharacters
Delivery
Emit URL into victim's Warp terminal output
Exploit
wslview fails, cmd.exe /c start fallback reached
Execution
User clicks the link
Impact
Arbitrary commands execute on Windows host

Vulnerability AssessmentAI

Exploitation Exploitation requires all of the following concrete conditions: (1) Warp must be running under Windows Subsystem for Linux; (2) the wslview URL-opening path must fail or be unavailable so Warp reaches the cmd.exe /c start fallback; (3) a crafted URL must be present in the Warp terminal output (deliverable by any process or remote content whose output is displayed); and (4) the user must actively click/open that link (UI:R). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H, base 7.7 High) tells a consistent story: local attack vector because the trigger arrives through terminal output rather than directly over the network, high attack complexity because exploitation depends on the WSL deployment mode and on wslview failing so the cmd.exe fallback is reached, no privileges required, but mandatory user interaction (the victim must click the link). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker lures a Warp-on-WSL user into running a command or viewing remote content (e.g. a README, log, or git output) that prints a crafted URL containing Windows command metacharacters. …
Remediation Vendor-released patch: 0.2026.05.06.15.42.stable_01 - upgrade Warp to this version or later, which validates that URLs parse and use only the http/https scheme and switches the WSL fallback from cmd.exe /c start to rundll32.exe url.dll,FileProtocolHandler with a re-serialized, percent-encoded URL. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all Warp installations on WSL systems and determine which are running vulnerable versions (0.2024.03.12.08.02.stable_01 through pre-0.2026.05.06.15.42.stable_01). …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Warp

View all
CVE-2022-3320 CRITICAL
9.8 Oct 28

It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint'

CVE-2026-48732 HIGH
8.8 Jun 24

Command injection in Warp's legacy SSH background command path lets an attacker-controlled remote host inject shell synt

CVE-2026-48704 HIGH
8.8 Jun 24

Arbitrary code execution in the Warp agentic development environment (builds 0.2023.10.24.08.03.stable_00 through 0.2026

CVE-2026-48720 HIGH
8.8 Jun 24

Arbitrary local file write in Warp terminal (0.2025.03.05.08.02.stable_00 through builds before 0.2026.05.06.15.42.stabl

CVE-2022-3512 HIGH
8.8 Oct 28

Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" f

CVE-2026-48721 HIGH
8.6 Jun 24

Command-execution permission bypass in Warp's default unsandboxed CLI agent profile (versions 0.2025.10.08.08.12.stable_

CVE-2026-48719 HIGH
8.0 Jun 24

Command injection in Warp's prompt branch-selector chip lets a crafted Git branch name execute in the victim's shell whe

CVE-2026-48725 HIGH
8.1 Jun 24

Clipboard hijacking in the Warp agentic terminal (versions 0.2021.04.25.23.05.stable_00 through 0.2026.05.06.15.42.stabl

CVE-2026-48731 HIGH
7.8 Jun 24

Command injection in the Warp agentic development environment (Linux builds 0.2024.02.20.08.01.stable_01 through pre-0.2

CVE-2026-48703 HIGH
7.8 Jun 24

OS command injection in Warp's AI Agent code-search tooling allows attacker-controlled inputs to escape read-only search

CVE-2023-0652 HIGH
7.8 Apr 06

Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WA

CVE-2023-1412 HIGH
7.8 Apr 05

An unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for

Share

EUVD-2026-39012 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy