CVE-2026-48725
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk12th percentile - higher than 12% of all known CVEs
Summary
Warp is a development environment that, from versions 0.2021.04.25.23.05.stable_00 to 0.2026.05.06.15.42.stable_01, allows terminal output to access the local system clipboard. A malicious remote host or other attacker-controlled terminal output source can trigger clipboard reads or writes without a separate confirmation step.
Risk Assessment
This vulnerability crosses the trust boundary between untrusted terminal output and the user's local desktop clipboard, potentially leading to unauthorized access to user data.
Recommendation
It is recommended to update Warp to version 0.2026.05.06.15.42.stable_01 to mitigate this vulnerability.
Original NVD description (English source)
Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp allows terminal output to request access to the local system clipboard. A malicious remote host, remote program, or other attacker-controlled terminal output source can trigger clipboard reads or writes without a separate confirmation step. This crosses the trust boundary between untrusted terminal output and the user's local desktop clipboard. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.

