CVE-2026-48703 - Vulnerability Details

- Warp: Command Injection via Warp code search tool arguments

Description

Warp is an agentic development environment. From 0.2025.04.09.08.11.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command execution policy bypass in Agent code search tools. The affected Grep and FileGlob actions are authorized as read/search operations, but their implementations build shell command strings from Agent-controlled inputs (search text, paths, glob patterns) and execute them in the active terminal session. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.

Published: 2026-06-24

Score: 7.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability lies in Warp’s Agent code search tools (Grep and FileGlob). The implementation builds shell command strings from Agent‑controlled inputs such as search text, paths and glob patterns, and executes them in the active terminal session. Because the actions are authorized as read/search operations, an attacker can inject arbitrary shell commands via crafted arguments and gain the ability to execute arbitrary code with the permissions of the running Agent process. This weakness is classified under CWE‑78 and carries a CVSS score of 7.8, indicating a high‑severity risk of compromise.

Affected Systems

Warp (warp dot dev: warp) versions from 0.2025.04.09.08.11.stable_00 up through 0.2026.05.06.15.42.stable_01 are susceptible. The issue persists in releases released before 0.2026.05.06.15.42.stable_01 and is fixed in that version and later.

Risk and Exploitability

The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting that no widespread exploitation has been observed at this time. Based on the description, the likely attack vector involves an authenticated user wielding the Agent’s search functions to supply crafted arguments that are executed as shell commands. Successful exploitation would allow the attacker to run any command with the privilege level of the Agent, potentially leading to privilege escalation and full system compromise.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

warpdotdev

warp

affected

Version	Status	Constraints
`>= 0.2025.04.09.08.11.stable_00, < 0.2026.05.13.09.15.stable_01`	affected	—

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade Warp to version 0.2026.05.06.15.42.stable_01 or newer, which contains the fixed implementation.
If an upgrade is not immediately possible, disable or remove the Grep and FileGlob actions from the Agent’s code search toolkit to prevent the construction and execution of shell commands.
Implement process monitoring or audit logging on the Agent’s terminal session to detect any unexpected shell command executions, and investigate anomalous activity promptly.

Generated by OpenCVE AI on June 24, 2026 at 19:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00177.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://github.com/warpdotdev/warp/commit/43f4f483e0c2dd253d2aaa8a495b2d71f0208c40
https://github.com/warpdotdev/warp/security/advisories/GHSA-8r78-7jwh-m6hm

History

Wed, 24 Jun 2026 19:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 24 Jun 2026 18:00:00 +0000

Type	Values Removed	Values Added
Description		Warp is an agentic development environment. From 0.2025.04.09.08.11.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command execution policy bypass in Agent code search tools. The affected Grep and FileGlob actions are authorized as read/search operations, but their implementations build shell command strings from Agent-controlled inputs (search text, paths, glob patterns) and execute them in the active terminal session. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.
Title		Warp: Command Injection via Warp code search tool arguments
Weaknesses		CWE-78
References		https://github.com/warpdotdev/warp/commit/43f4f483e0c2dd253d2aaa8a495b2d71f0208c40 https://github.com/warpdotdev/warp/security/advisories/GHSA-8r78-7jwh-m6hm
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}`

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-06-24T17:25:34.902Z

Updated: 2026-06-24T18:29:25.818Z

Reserved: 2026-05-22T18:47:27.754Z

Link: CVE-2026-48703

Vulnrichment

Updated: 2026-06-24T18:29:13.032Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T20:00:10Z

Weaknesses

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object