CVE-2024-41997

MEDIUM

Warp Terminal <2024.07.18 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-41997. PoCs published by xpcmdshell.

AI-analyzed exploit summary The repository provides a detailed technical analysis of CVE-2024-41997, a command injection vulnerability in Warp Terminal's `warp://` URI scheme handler. It explains the unsanitized `shell` parameter in the `/docker/open_subshell` action, which allows arbitrary command execution.

Description

An issue was discovered in version of Warp Terminal prior to 2024.07.18 (v0.2024.07.16.08.02). A command injection vulnerability exists in the Docker integration functionality. An attacker can create a specially crafted hyperlink using the `warp://action/docker/open_subshell` intent that when clicked by the victim results in command execution on the victim's machine.

Exploits (1)

nomisec WRITEUP
by xpcmdshell · poc
https://github.com/xpcmdshell/CVE-2024-41997

The repository provides a detailed technical analysis of CVE-2024-41997, a command injection vulnerability in Warp Terminal's `warp://` URI scheme handler. It explains the unsanitized `shell` parameter in the `/docker/open_subshell` action, which allows arbitrary command execution.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Warp Terminal < v0.2024.07.16.08.02 (macOS)
No auth needed
Prerequisites: Warp Terminal running on macOS · Target clicks malicious `warp://` URL
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 6.6
EPSS 0.0120
EPSS Percentile 64.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-94
Status published
Published Oct 14, 2024
Tracked Since Feb 18, 2026