CVE-2026-48732
Received Received - Intake
BaseFortify

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: GitHub, Inc.

Description
Warp is an agentic development environment. From 0.2023.03.21.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working directory reported by the session when building helper commands for SSH-backed metadata collection. A remote host, repository, or directory name controlled by an attacker could cause that helper command to execute additional shell syntax on the remote host as the victim's authenticated SSH account. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-24
Last Modified
2026-06-24
Generated
2026-06-25
AI Q&A
2026-06-24
EPSS Evaluated
N/A
NVD
CVE-2026-48732
EUVD
EUVD-2026-39014
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
warp warp to 0.2026.05.06.15.42.stable_01 (inc)
warpdotdev warp From 0.2023.03.21.08.02.stable_00 (inc) to 0.2026.05.06.15.42.stable_01 (exc)
warpdotdev warp 0.2026.05.06.15.42.stable_01
warpdotdev warp 0.2026.05.13.09.15.stable_01
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Warp, an agentic development environment, specifically in versions from 0.2023.03.21.08.02.stable_00 up to but not including 0.2026.05.06.15.42.stable_01. It is a command injection issue in the legacy SSH background command path. Warp uses the remote working directory reported by the SSH session to build helper commands for SSH-backed metadata collection. If an attacker controls the remote host, repository, or directory name, they can inject additional shell commands that will be executed on the remote host under the victim's authenticated SSH account.

Impact Analysis

This vulnerability can have severe impacts because it allows an attacker to execute arbitrary shell commands on the remote host with the privileges of the victim's authenticated SSH account. This can lead to full compromise of the remote system, including unauthorized access, data theft, data modification, or disruption of services.

Mitigation Strategies

To mitigate this vulnerability, upgrade Warp to version 0.2026.05.06.15.42.stable_01 or later, as this version contains the fix for the command injection issue in the legacy SSH background command path.

Compliance Impact

CVE-2026-48732 is a high-severity command injection vulnerability that allows attackers to execute unauthorized commands on a remote host using the victim's authenticated SSH account. Successful exploitation may lead to unauthorized access, modification, or disruption of files and processes accessible to that account.

Such unauthorized access and potential data compromise could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and maintaining confidentiality, integrity, and availability of systems.

Because the vulnerability allows attackers to execute arbitrary commands remotely, it increases the risk of data breaches or unauthorized data manipulation, which are critical concerns under these regulations.

Mitigation requires updating to the patched version of Warp, as no complete workaround exists.

Detection Guidance

This vulnerability involves command injection through the remote working directory used by Warp in legacy SSH background commands. Detection involves identifying if your Warp installation is a vulnerable version (from 0.2023.03.21.08.02.stable_00 until 0.2026.05.06.15.42.stable_01) and if legacy SSH sessions are active.

To detect potential exploitation or presence of the vulnerability, you can check the Warp version installed and monitor SSH session commands for suspicious or unexpected shell syntax execution related to remote working directories.

Suggested commands include:

  • Check Warp version: `warp --version` or check the installed package version to confirm if it is within the vulnerable range.
  • Monitor SSH sessions for unusual commands or injected shell syntax, for example by reviewing SSH session logs or command histories.
  • Search for suspicious usage of remote working directories containing shell metacharacters in logs or session metadata.

No specific detection commands are provided in the resources, but focusing on version checking and monitoring legacy SSH session commands related to remote working directories is recommended.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-48732. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart