CVE-2026-48720

Summary

Warp is an agentic development environment. From 0.2025.03.05.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepts non-inline OSC 1337;File payloads from terminal output and materialize the decoded payload as a local file without an additional confirmation step. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.

Affected Software

VendorProductVersion RangeStatus
warpdotdevwarp>= 0.2025.03.05.08.02.stable_00, < 0.2026.05.13.09.15.stable_01affected

Weaknesses

  • CWE-20: CWE-20: Improper Input Validation
  • CWE-73: CWE-73: External Control of File Name or Path

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References