CVE-2026-48720 in Warp

Summary

by MITRE • 06/24/2026

Warp is an agentic development environment. From 0.2025.03.05.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepts non-inline `OSC 1337;File` payloads from terminal output and materializes the decoded payload as a local file without an additional confirmation step. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.


Analysis

by VulDB Data Team • 06/24/2026

This vulnerability exists within Warp, an agentic development environment whose terminal emulator interprets escape sequences embedded in program output. The flaw affects versions from 0.2025.03.05.08.02.stable_00 up to, but not including, 0.2026.05.06.15.42.stable_01, where the application accepts non-inline OSC 1337;File payloads from terminal output without requiring user confirmation. OSC 1337;File is not a standardized sequence; it is the iTerm2-originated file transfer and inline-image sequence (the one imgcat emits) that some other terminals, Warp among them, also implement. A sequence carries a base64-encoded file name, a size, and base64-encoded content. With inline=1 the terminal renders the content (typically an image) in place; without it, the sequence is a file transfer and the terminal is expected to save the content locally. In the affected versions Warp handled the transfer case by decoding the content and writing it to disk as soon as the sequence was parsed, with no prompt, so anything able to write to the terminal's output stream was able to write to the user's filesystem.

Technically the defect is missing user consent rather than input validation or privilege escalation in the usual sense: the sequence is parsed as intended, and the resulting file is written with the privileges of the user running Warp. What the handler lacked was any distinction between the two meanings of the sequence, render inline versus save to disk, when deciding whether a human has to approve the action. The inline form only affects what is drawn in the terminal; the non-inline form changes the filesystem, and a filesystem change driven by untrusted data should require explicit approval. Anyone who can influence what the terminal displays controls the trigger: a compromised build script or dependency, a file the user cats, a log line, or the remote host on the other end of an SSH session can all emit a crafted OSC 1337;File sequence, and a vulnerable Warp turns it into a local file with the name and content the sequence specifies. The advisory does not state whether the write location is attacker-controlled or confined to a download directory, so the consequences of an arbitrary file name (including path traversal through it) should be assessed against the specific version in use.

The operational impact is silent, unauthorized file creation in the context of the logged-in user, not privilege escalation: the attacker gains no rights the user lacked, but gains the user's ability to write files without the user doing anything beyond viewing terminal output. How much damage is reachable depends on where the file lands; a dropped executable, configuration file, or data file becomes dangerous the next time the user or a tool reads or runs it. Exposure is highest for developers who routinely run third-party tooling, read untrusted files or logs in the terminal, or open shells on machines they do not control, and for organizations whose build, CI, or collaborative tooling streams output into developer terminals, since any of these paths can carry attacker-controlled bytes.

Mitigation is to update to 0.2026.05.06.15.42.stable_01 or later, where the non-inline case requires explicit confirmation before anything is written. Until then, or on machines that cannot be updated, treat terminal output from untrusted sources the way you would treat a download: avoid piping unknown content straight to the terminal, and check the download location for files you did not expect. On the defensive side the sequence is easy to spot in captured output or logs (an ESC ] 1337 ; File = prefix without inline=1), and a confirmation gate is the right fix because it reinstates the user as the decision point without breaking the legitimate inline-image use of the same sequence. The CWE recorded for this entry is CWE-352 (Cross-Site Request Forgery); the common thread is an action performed on the user's behalf that the user never requested. The ATT&CK mappings recorded are T1059.007 (Command and Scripting Interpreter: JavaScript) and T1074.001 (Data Staged: Local Data Staging); the latter describes the file drop itself, while the former is at best a loose fit for a terminal-driven delivery path.
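The following Python is an added example, not Warp's code and not code from this advisory. It parses OSC 1337;File sequences out of a constructed terminal output stream using the iTerm2 layout described above, separates inline renders from file transfers, and then applies two policies to the transfer case: the pre-fix behaviour (write every payload, no question asked) and a confirmation-gated one. The regex, the function names, the basename check and the sample stream are all assumptions made for this example.

```python
import base64
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Layout of the iTerm2 file sequence (assumed for this example; this is not Warp's parser):
#   ESC ] 1337 ; File = key=value;key=value... : <base64 body> (BEL | ESC \)
# 'name' is itself base64; 'inline=1' means "render in the terminal",
# anything else means "this is a file transfer, save it".
OSC_FILE_RE = re.compile(
    r"\x1b\]1337;File=(?P<args>[^:\x07\x1b]*):(?P<body>[A-Za-z0-9+/=]*)(?:\x07|\x1b\\)"
)


@dataclass
class FilePayload:
    name: str
    inline: bool
    data: bytes


def build_osc_file(name: str, data: bytes, inline: bool) -> str:
    """Encode a payload the way a producer (imgcat, or an attacker) would emit it."""
    args = f"name={base64.b64encode(name.encode()).decode()};size={len(data)};inline={int(inline)}"
    return f"\x1b]1337;File={args}:{base64.b64encode(data).decode()}\x07"


def parse_osc_file(stream: str) -> List[FilePayload]:
    """Extract every OSC 1337;File sequence from a terminal output stream."""
    found = []
    for m in OSC_FILE_RE.finditer(stream):
        args = dict(kv.split("=", 1) for kv in m.group("args").split(";") if "=" in kv)
        try:
            name = base64.b64decode(args.get("name", ""), validate=True).decode("utf-8") or "unnamed"
            data = base64.b64decode(m.group("body"), validate=True)
        except (ValueError, UnicodeDecodeError):
            continue  # malformed sequence: drop it rather than guess at it
        found.append(FilePayload(name=name, inline=args.get("inline") == "1", data=data))
    return found


def safe_basename(name: str) -> Optional[str]:
    """Reject any name that could escape the download directory (assumed policy)."""
    if not name or name in (".", "..") or "/" in name or "\\" in name or "\x00" in name:
        return None
    return name


def materialize(payloads: List[FilePayload],
                confirm: Callable[[FilePayload], bool]) -> Dict[str, bytes]:
    """Simulate the download path; the returned dict stands in for files on disk."""
    written: Dict[str, bytes] = {}
    for p in payloads:
        if p.inline:
            continue  # rendered in the terminal, never touches the filesystem
        name = safe_basename(p.name)
        if name is None:
            continue
        if confirm(p):
            written[name] = p.data
    return written


# Pre-fix behaviour: every non-inline payload lands on disk with no prompt.
def accept_everything(_: FilePayload) -> bool:
    return True


# Post-fix behaviour in spirit: a human has to approve each file.
def prompt_user(p: FilePayload) -> bool:
    answer = input(f"Terminal output wants to save {len(p.data)} bytes as {p.name!r}. Allow? [y/N] ")
    return answer.strip().lower() == "y"


# Constructed sample stream: ordinary output, a legitimate inline image, then two
# file transfers that a compromised script or remote host could emit.
SAMPLE_STREAM = (
    "$ ./build.sh\n"
    "compiling... ok\n"
    + build_osc_file("chart.png", b"\x89PNG\r\n\x1a\nfake-image-bytes", inline=True)
    + build_osc_file("post-checkout", b"#!/bin/sh\necho attacker-controlled\n", inline=False)
    + build_osc_file("../.bashrc", b"alias ls='echo pwned'\n", inline=False)
    + "done\n"
)


def main() -> None:
    payloads = parse_osc_file(SAMPLE_STREAM)
    for p in payloads:
        print(f"{'inline  ' if p.inline else 'download'} name={p.name!r} size={len(p.data)}")
    print("pre-fix would write :", sorted(materialize(payloads, accept_everything)))
    print("post-fix writes     :", sorted(materialize(payloads, prompt_user)))


if __name__ == "__main__":
    main()
```

Running it shows the inline image never reaching the filesystem, the traversal name being dropped by the basename check, and the remaining transfer being written only under the accept-everything policy. The same parse_osc_file routine, pointed at captured session output or log files, is a quick way to find non-inline OSC 1337;File sequences that reached a terminal before the fix was deployed.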

Responsible

GitHub M

Reservation

05/22/2026

Disclosure

06/24/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low
