CVE Catalog

CVE-2026-48704

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

17th percentile - higher than 17% of all known CVEs

Summary

Warp, an agentic development environment, may open executable local files through the operating system default file handler. A malicious Markdown document can contain a local-file link that, when clicked by the user, may lead to unsafe file opening.

Risk Assessment

The organization may be at risk of executing malicious software if users open infected Markdown documents. This could lead to unauthorized access to systems or data.

Recommendation

It is recommended to update Warp to version 0.2026.05.06.15.42.stable_01 to mitigate this vulnerability. Additionally, users should be educated about the risks of opening unknown documents.

Original NVD description (English source)

Warp is an agentic development environment. From 0.2023.10.24.08.03.stable_00 until 0.2026.05.06.15.42.stable_01, Warp may open executable local files through the operating system default file handler. A malicious Markdown document or project can contain a local-file link that appears as normal rendered content. If a user opens the Markdown in Warp and clicks the link, affected builds may route the resolved local file to a platform file opener instead of limiting the action to safe viewer/editor targets. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS