CVE Catalog

CVE-2026-48725

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

12th percentile - higher than 12% of all known CVEs

Summary

Warp is a development environment that, from versions 0.2021.04.25.23.05.stable_00 to 0.2026.05.06.15.42.stable_01, allows terminal output to access the local system clipboard. A malicious remote host or other attacker-controlled terminal output source can trigger clipboard reads or writes without a separate confirmation step.

Risk Assessment

This vulnerability crosses the trust boundary between untrusted terminal output and the user's local desktop clipboard, potentially leading to unauthorized access to user data.

Recommendation

It is recommended to update Warp to version 0.2026.05.06.15.42.stable_01 to mitigate this vulnerability.

Original NVD description (English source)

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp allows terminal output to request access to the local system clipboard. A malicious remote host, remote program, or other attacker-controlled terminal output source can trigger clipboard reads or writes without a separate confirmation step. This crosses the trust boundary between untrusted terminal output and the user's local desktop clipboard. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS