CVE-2026-48719: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in warpdotdev warp
Warp is an agentic development environment. From 0.2025.08.06.08.12.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection in the prompt branch selector. A user who can publish a branch to a Git repository opened in Warp can cause a crafted branch name to be interpreted by the victim's shell if the victim selects that branch from the UI. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.
AI Analysis
Technical Summary
CVE-2026-48719 is an OS command injection vulnerability (CWE-78) in the Warp development environment. The flaw exists in the prompt branch selector component, where a maliciously crafted branch name published to a Git repository can be interpreted by the victim's shell upon selection in the Warp UI. This enables an attacker with the ability to publish branches to execute arbitrary commands in the context of the victim user. The vulnerability affects Warp versions starting from 0.2025.08.06.08.12.stable_00 up to but excluding 0.2026.05.06.15.42.stable_01, where it has been fixed.
Potential Impact
Successful exploitation can lead to arbitrary code execution with the privileges of the victim user running Warp. This can result in full confidentiality, integrity, and availability compromise of the affected system. The CVSS v3.1 base score is 8.0, reflecting high impact on confidentiality, integrity, and availability. There are no known exploits in the wild as of the published date.
Mitigation Recommendations
A fix is available in Warp version 0.2026.05.06.15.42.stable_01. Users should upgrade to this version or later to remediate the vulnerability. No other mitigation or temporary workaround is indicated in the available data.
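The class of bug described above turns on a branch name reaching a shell as text rather than as a single argument. The following is an added example, not Warp's code (which this page does not show): it audits ref names against a conservative allow-list and shows two ways to pass a name without letting a shell interpret it. The function names, the allow-list and the sample ref names are assumptions constructed for illustration.

```python
import re
import shlex

# Conservative allow-list (an assumption, stricter than git): git itself permits
# characters such as ; | & $ ` ( ) < > ' " in ref names, all of which shells interpret.
SAFE_REF = re.compile(r"[A-Za-z0-9][A-Za-z0-9._/+@=-]*")


def audit_refs(ref_names):
    """Return the ref names that fall outside the allow-list."""
    return [name for name in ref_names if not SAFE_REF.fullmatch(name)]


def checkout_argv(branch):
    """Build an argv list: the name stays one argument and no shell parses it."""
    if not SAFE_REF.fullmatch(branch):
        raise ValueError(f"refusing unusual ref name: {branch!r}")
    return ["git", "checkout", branch, "--"]


def checkout_shell_line(branch):
    """When text must be handed to a POSIX shell, quote the name as one word."""
    return "git checkout " + shlex.quote(branch) + " --"


# Constructed sample, standing in for the output of:
#   git for-each-ref --format='%(refname:short)' refs/heads refs/remotes
SAMPLE_REFS = [
    "main",
    "feature/login-form",
    "origin/release-1.2",
    "demo;name",   # constructed: contains a shell command separator
    "demo|name",   # constructed: contains a pipe
    "-x",          # constructed: would be read as an option
]

if __name__ == "__main__":
    for name in audit_refs(SAMPLE_REFS):
        print("review before selecting:", repr(name))
```

`shlex.quote` targets POSIX shells only; other shells have different quoting rules, so the argv form is the one to prefer.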
CVSS v3.1
Score: 8.0 (High)
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-05-22T18:47:27.756Z
- Cvss Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a3c19c5eed863c81e395112
Added to database: 06/24/2026, 17:54:13 UTC
Last enriched: 06/24/2026, 18:09:59 UTC
Last updated: 06/24/2026, 19:05:15 UTC