CVE Catalog

CVE-2026-48720

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile - higher than 16% of all known CVEs

Summary

Warp is an agentic development environment that, from versions 0.2025.03.05.08.02.stable_00 to 0.2026.05.06.15.42.stable_01, accepts `OSC 1337;File` payloads from terminal output and materializes the decoded payload as a local file without an additional confirmation step. This vulnerability is fixed in version 0.2026.05.06.15.42.stable_01.

Risk Assessment

The lack of an additional confirmation step when creating local files may lead to unauthorized access to the system or the introduction of malicious software.

Recommendation

It is recommended to update Warp to version 0.2026.05.06.15.42.stable_01 or later to mitigate this vulnerability.

Original NVD description (English source)

Warp is an agentic development environment. From 0.2025.03.05.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepts non-inline `OSC 1337;File` payloads from terminal output and materialize the decoded payload as a local file without an additional confirmation step. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS