CVE-2026-48704
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk17th percentile - higher than 17% of all known CVEs
Summary
Warp, an agentic development environment, may open executable local files through the operating system default file handler. A malicious Markdown document can contain a local-file link that, when clicked by the user, may lead to unsafe file opening.
Risk Assessment
The organization may be at risk of executing malicious software if users open infected Markdown documents. This could lead to unauthorized access to systems or data.
Recommendation
It is recommended to update Warp to version 0.2026.05.06.15.42.stable_01 to mitigate this vulnerability. Additionally, users should be educated about the risks of opening unknown documents.
Original NVD description (English source)
Warp is an agentic development environment. From 0.2023.10.24.08.03.stable_00 until 0.2026.05.06.15.42.stable_01, Warp may open executable local files through the operating system default file handler. A malicious Markdown document or project can contain a local-file link that appears as normal rendered content. If a user opens the Markdown in Warp and clicks the link, affected builds may route the resolved local file to a platform file opener instead of limiting the action to safe viewer/editor targets. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.

