Impact
Warp uses a legacy SSH background command path that builds helper commands from the remote working directory reported by the session. When an attacker can control the remote host, repository, or directory name, they can inject shell syntax into that command path, causing the helper command to execute arbitrary shell commands as the victim's authenticated SSH account. This constitutes a command injection flaw that permits full remote code execution with the same privileges as the SSH user, matching CWE‑78.
Affected Systems
The vulnerability affects Warp from version 0.2023.03.21.08.02.stable_00 through 0.2026.05.06.15.42.stable_01. The fix is included in the subsequent release 0.2026.05.06.15.42.stable_01 by warpdotdev.
Risk and Exploitability
The CVSS score of 8.8 signals high severity. EPSS is 1%, indicating a very low but nonzero exploitation probability, but the flaw is exploitable by anyone who can set a repository or directory name that Warp feeds into the SSH command path. The vulnerability is not listed in CISA KEV; nevertheless it can be exploited via an attacker‑controlled SSH session as the victim’s user. The attack vector is remote SSH with attacker‑controlled path components.
OpenCVE Enrichment