Description
Warp is an agentic development environment. From 0.2025.03.05.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepts non-inline `OSC 1337;File` payloads from terminal output and materialize the decoded payload as a local file without an additional confirmation step. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.
Published: 2026-06-24
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Warp versions from 0.2025.03.05.08.02.stable_00 until 0.2026.05.06.15.42.stable_01 accept non-inline OSC 1337;File payloads embedded in terminal output and write the decoded data to local files without any confirmation. The lack of bounds and path validation allows an attacker to overwrite any file that the Warp process can write to, including configuration files or executable scripts. This could enable persistence by substituting startup or system scripts, or if an executable is written, could lead to code execution.

Affected Systems

The vulnerable product is Warp by warpdotdev. All releases between 0.2025.03.05.08.02.stable_00 and 0.2026.05.06.15.42.stable_01 are impacted. The issue was patched in the release 0.2026.05.06.15.42.stable_01, which adds a confirmation step and bounds checking for OSC 1337 payloads.

Risk and Exploitability

With a CVSS score of 8.8, the vulnerability is considered high severity. The EPSS score is not provided, but the absence of an official KEV listing suggests no widespread exploitation yet. The likely attack vector is remote via an SSH session where an attacker controls terminal output; the Warp application would then materialize the payload as a local file. Because the vulnerability permits arbitrary file overwrite, an attacker could gain persistence or elevate privileges, especially if the written file resides in a directory executed on boot or by a privileged user.

Generated by OpenCVE AI on June 24, 2026 at 20:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Warp to 0.2026.05.06.15.42.stable_01 or a later patched release.
  • If an immediate upgrade is not feasible, prevent OSC 1337 ;File payloads from being processed by configuring Warp to run in a mode that rejects such payloads or by enforcing strict directory permissions for all writable files.
  • Monitor for unexpected changes to critical files in the Warp working directory and alert on unwarranted deletions or listings.

Generated by OpenCVE AI on June 24, 2026 at 20:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Warpdotdev
Warpdotdev warp
Vendors & Products Warpdotdev
Warpdotdev warp

Thu, 25 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 24 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
Description Warp is an agentic development environment. From 0.2025.03.05.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepts non-inline `OSC 1337;File` payloads from terminal output and materialize the decoded payload as a local file without an additional confirmation step. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.
Title Warp: SSH remote output can lead to local file overwrite and persistence
Weaknesses CWE-20
CWE-73
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-25T19:56:08.070Z

Reserved: 2026-05-22T18:47:27.756Z

Link: CVE-2026-48720

cve-icon Vulnrichment

Updated: 2026-06-25T19:56:05.370Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:40:34Z

Weaknesses
  • CWE-20

    Improper Input Validation

  • CWE-73

    External Control of File Name or Path