CVE Catalog

CVE-2026-48721

HighCVSS 8.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

4th percentile - higher than 4% of all known CVEs

Summary

Warp is a development environment that contains a command execution permission-check bypass in the default unsandboxed CLI agent profile. This vulnerability allows an attacker to treat denylisted commands as allowed.

Risk Assessment

Organizations may be exposed to unauthorized command execution, potentially leading to serious security breaches and data loss.

Recommendation

It is recommended to update Warp to version 0.2026.05.06.15.42.stable_01 to mitigate this vulnerability and review security measures to assess potential threats.

Original NVD description (English source)

Warp is an agentic development environment. From 0.2025.10.08.08.12.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command execution permission-check bypass in the default unsandboxed CLI agent profile. The CLI profile is non-interactive and relies on a command denylist as a safety boundary for commands that should require confirmation. Because command strings were checked before canonicalizing leading environment-variable assignments, an attacker who can influence the agent's command output may cause denylisted commands to be treated as non-denylisted. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS