CVE Catalog

CVE-2026-48719

HighCVSS 8.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.95%

57th percentile - higher than 57% of all known CVEs

Summary

Warp, an agentic development environment, contains a command injection vulnerability in the prompt branch selector. A user who can publish a branch to a Git repository opened in Warp can cause a crafted branch name to be interpreted by the victim's shell if the victim selects that branch from the UI.

Risk Assessment

This vulnerability may lead to unauthorized command execution on the victim's system, posing a serious threat to the security of the organization's data and systems.

Recommendation

It is recommended to update Warp to version 0.2026.05.06.15.42.stable_01 to mitigate this vulnerability and to monitor branch usage in Git repositories.

Original NVD description (English source)

Warp is an agentic development environment. From 0.2025.08.06.08.12.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection in the prompt branch selector. A user who can publish a branch to a Git repository opened in Warp can cause a crafted branch name to be interpreted by the victim's shell if the victim selects that branch from the UI. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS