Description
Warp is an agentic development environment. From 0.2023.03.21.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working directory reported by the session when building helper commands for SSH-backed metadata collection. A remote host, repository, or directory name controlled by an attacker could cause that helper command to execute additional shell syntax on the remote host as the victim's authenticated SSH account. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.
Published: 2026-06-24
Score: 8.8 High
EPSS: 1.0% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Warp uses a legacy SSH background command path that builds helper commands from the remote working directory reported by the session. When an attacker can control the remote host, repository, or directory name, they can inject shell syntax into that command path, causing the helper command to execute arbitrary shell commands as the victim's authenticated SSH account. This constitutes a command injection flaw that permits full remote code execution with the same privileges as the SSH user, matching CWE‑78.

Affected Systems

The vulnerability affects Warp from version 0.2023.03.21.08.02.stable_00 through 0.2026.05.06.15.42.stable_01. The fix is included in the subsequent release 0.2026.05.06.15.42.stable_01 by warpdotdev.

Risk and Exploitability

The CVSS score of 8.8 signals high severity. EPSS is 1%, indicating a very low but nonzero exploitation probability, but the flaw is exploitable by anyone who can set a repository or directory name that Warp feeds into the SSH command path. The vulnerability is not listed in CISA KEV; nevertheless it can be exploited via an attacker‑controlled SSH session as the victim’s user. The attack vector is remote SSH with attacker‑controlled path components.

Generated by OpenCVE AI on June 25, 2026 at 14:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Warp to 0.2026.05.06.15.42.stable_01 or later to remove the command‑injection flaw.
  • If an upgrade cannot be performed immediately, enforce strict naming rules for repositories and remote directories to prevent attacker‑controlled values from being passed to SSH commands.
  • Limit SSH connections used by Warp to trusted hosts and consider network segmentation to reduce the attack surface.

Generated by OpenCVE AI on June 25, 2026 at 14:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Warpdotdev
Warpdotdev warp
Vendors & Products Warpdotdev
Warpdotdev warp

Wed, 24 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 24 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
Description Warp is an agentic development environment. From 0.2023.03.21.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working directory reported by the session when building helper commands for SSH-backed metadata collection. A remote host, repository, or directory name controlled by an attacker could cause that helper command to execute additional shell syntax on the remote host as the victim's authenticated SSH account. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.
Title Warp: Remote SSH cwd can lead to unauthorized remote command execution
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-24T17:58:34.065Z

Reserved: 2026-05-22T19:10:35.746Z

Link: CVE-2026-48732

cve-icon Vulnrichment

Updated: 2026-06-24T17:58:26.455Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:40:40Z

Weaknesses
  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')