CVE-2026-48720
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk16th percentile - higher than 16% of all known CVEs
Summary
Warp is an agentic development environment that, from versions 0.2025.03.05.08.02.stable_00 to 0.2026.05.06.15.42.stable_01, accepts `OSC 1337;File` payloads from terminal output and materializes the decoded payload as a local file without an additional confirmation step. This vulnerability is fixed in version 0.2026.05.06.15.42.stable_01.
Risk Assessment
The lack of an additional confirmation step when creating local files may lead to unauthorized access to the system or the introduction of malicious software.
Recommendation
It is recommended to update Warp to version 0.2026.05.06.15.42.stable_01 or later to mitigate this vulnerability.
Original NVD description (English source)
Warp is an agentic development environment. From 0.2025.03.05.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepts non-inline `OSC 1337;File` payloads from terminal output and materialize the decoded payload as a local file without an additional confirmation step. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.

