Impact
The vulnerability is an OS command injection in Warp's prompt branch selector. When a user publishes a branch with a crafted name to a Git repository that Warp opens, the victim's shell interprets the branch name if they select that branch from the UI, allowing execution of arbitrary commands.
Affected Systems
Warp, an agentic development environment by warpdotdev, is vulnerable in versions from 0.2025.08.06.08.12.stable_00 through 0.2026.05.06.15.42.stable_01. The fix is included in release 0.2026.05.06.15.42.stable_01.
Risk and Exploitability
CVSS score of 8 indicates high severity. The EPSS score is not available, and the vulnerability is not listed in CISA KEV. The attacker must be able to push a malicious branch to a repository that the victim opens in Warp. Selecting the manipulated branch from the UI causes the victim's shell to execute commands embedded in the branch name. The risk is significant if an attacker can control branch names, particularly in shared or untrusted repositories.
OpenCVE Enrichment