PT-2026-52027 · Warpdotdev · Warp

Published

2026-06-24

·

Updated

2026-06-24

·

CVE-2026-48720

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Warp is an agentic development environment. From 0.2025.03.05.08.02.stable 00 until 0.2026.05.06.15.42.stable 01, Warp accepts non-inline OSC 1337;File payloads from terminal output and materialize the decoded payload as a local file without an additional confirmation step. This vulnerability is fixed in 0.2026.05.06.15.42.stable 01.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-73

Related Identifiers

CVE-2026-48720

Affected Products

Warp