CVE Catalog

CVE-2026-48731

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.50%

39th percentile - higher than 39% of all known CVEs

Summary

Warp, an agentic development environment, contains a command injection issue in the Linux external editor launcher. Versions from 0.2024.02.20.08.01.stable_01 to 0.2026.05.06.15.42.stable_01 allow execution of malicious code by opening an attacker-controlled file.

Risk Assessment

An attacker can exploit this vulnerability to execute arbitrary commands in the context of the local user, posing a significant security risk to the system.

Recommendation

It is recommended to update Warp to version 0.2026.05.06.15.42.stable_01 to mitigate this vulnerability.

Original NVD description (English source)

Warp is an agentic development environment. From 0.2024.02.20.08.01.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection issue in the Linux external editor launcher. Warp expanded freedesktop .desktop Exec templates for affected editor integrations and executed the expanded command through a shell. A user who opens an attacker-controlled local file path through an affected external editor or system-default editor route can cause shell syntax embedded in that path to execute as the local user. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS