CVE-2026-48721: CWE-180: Incorrect Behavior Order: Validate Before Canonicalize in warpdotdev warp
Warp is an agentic development environment. From 0.2025.10.08.08.12.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command execution permission-check bypass in the default unsandboxed CLI agent profile. The CLI profile is non-interactive and relies on a command denylist as a safety boundary for commands that should require confirmation. Because command strings were checked before canonicalizing leading environment-variable assignments, an attacker who can influence the agent's command output may cause denylisted commands to be treated as non-denylisted. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.
AI Analysis
Technical Summary
CVE-2026-48721 is a vulnerability in the Warp development environment affecting its default unsandboxed CLI agent profile. The CLI profile uses a denylist to restrict commands that require user confirmation. However, commands are validated against the denylist before leading environment-variable assignments are canonicalized, so an attacker who controls the agent's command output can place such assignments ahead of a denylisted command. This bypasses the permission check and allows denylisted commands to run without confirmation. The vulnerability affects versions from 0.2025.10.08.08.12.stable_00 up to, but not including, 0.2026.05.06.15.42.stable_01.
Potential Impact
Successful exploitation allows an attacker with the ability to influence the agent's command output to bypass the denylist safety mechanism in the CLI profile, potentially executing commands that should require confirmation. This can lead to full confidentiality, integrity, and availability compromise of the affected system as indicated by the CVSS score of 8.6 with high impact on all security properties.
Mitigation Recommendations
A fix is available in Warp version 0.2026.05.06.15.42.stable_01. Users should upgrade to this version or later to remediate the vulnerability. No other mitigation or temporary workaround is indicated in the available data.
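Added illustration (not Warp's own code) of the ordering flaw described in the advisory: a denylist check that inspects the raw first word of the command string, beside the corrected order that first strips leading `NAME=value` assignments and only then validates the command name. The denylist contents, tokenizer and function names are constructed for this example.

```python
"""Validate-before-canonicalize vs. canonicalize-before-validate for a command denylist.

Constructed example: the denylist, tokenizer and helper names are assumptions,
not Warp's actual implementation.
"""
import re
import shlex

# Constructed denylist of command names that should require user confirmation.
DENYLIST = {"rm", "curl", "sudo"}

# A POSIX shell variable assignment word: NAME=value (quotes already removed by shlex).
_ASSIGNMENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*=")


def strip_leading_assignments(tokens: list[str]) -> list[str]:
    """Canonicalize: drop leading VAR=value words so the real command name comes first."""
    i = 0
    while i < len(tokens) and _ASSIGNMENT.match(tokens[i]):
        i += 1
    return tokens[i:]


def is_denied_vulnerable(command: str) -> bool:
    """Weak order (the 'before'): validate the raw first token, no canonicalization.

    'FOO=bar rm -rf ./build' has first token 'FOO=bar', which is not in the
    denylist, so the denylisted 'rm' is treated as non-denylisted.
    """
    tokens = shlex.split(command)
    return bool(tokens) and tokens[0] in DENYLIST


def is_denied_fixed(command: str) -> bool:
    """Fixed order: canonicalize first, then validate the actual command name.

    Unparseable command strings fail closed (treated as requiring confirmation).
    """
    try:
        tokens = strip_leading_assignments(shlex.split(command))
    except ValueError:
        return True
    # An assignment-only command (e.g. 'FOO=1') runs no program at all.
    return bool(tokens) and tokens[0] in DENYLIST


if __name__ == "__main__":
    for cmd in ("rm -rf ./build", "FOO=bar rm -rf ./build", "echo hello"):
        print(f"{cmd!r}: vulnerable={is_denied_vulnerable(cmd)} fixed={is_denied_fixed(cmd)}")
```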
CVSS v3.1
Score: 8.6 (High)
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-05-22T18:47:27.756Z
- CVSS Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a3c19c5eed863c81e39511a
Added to database: 06/24/2026, 17:54:13 UTC
Last enriched: 06/24/2026, 18:09:46 UTC
Last updated: 06/24/2026, 19:05:15 UTC