CVE-2026-48721

HIGH 8.6

Warp: Env-var prefixes can lead to denylisted command autoexecution

CVSS Score

8.6

EPSS Score

0.0%

EPSS Percentile

0th

Warp is an agentic development environment. From 0.2025.10.08.08.12.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command execution permission-check bypass in the default unsandboxed CLI agent profile. The CLI profile is non-interactive and relies on a command denylist as a safety boundary for commands that should require confirmation. Because command strings were checked before canonicalizing leading environment-variable assignments, an attacker who can influence the agent's command output may cause denylisted commands to be treated as non-denylisted. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.

CWE	CWE-180 CWE-693
Vendor	warpdotdev
Product	warp
Published	Jun 24, 2026

Stay Ahead of the Next One

Get instant alerts for warpdotdev warp

Be the first to know when new high vulnerabilities affecting warpdotdev warp are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

warpdotdev / warp

>= 0.2025.10.08.08.12.stable_00, < 0.2026.05.13.09.15.stable_01

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/warpdotdev/warp/security/advisories/GHSA-3839-h8jj-ph82 github.com: https://github.com/warpdotdev/warp/commit/0c1e243292c642d9a7748f80813b6fdfc0b31a9e