CVE-2026-48732
HIGHWarp: Remote SSH cwd can lead to unauthorized remote command execution
Title source: cnaExploitation Summary
EIP tracks 1 public exploit for CVE-2026-48732. PoCs published by Saku0512.
AI-analyzed exploit summary This repository contains a functional Proof of Concept (PoC) for CVE-2026-48732, demonstrating a command injection vulnerability in Warp's legacy SSH background command handling. The PoC simulates the vulnerable command construction locally, showing how an attacker-controlled remote working directory can break out of a quoted shell argument to execute arbitrary commands.
Description
Warp is an agentic development environment. From 0.2023.03.21.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working directory reported by the session when building helper commands for SSH-backed metadata collection. A remote host, repository, or directory name controlled by an attacker could cause that helper command to execute additional shell syntax on the remote host as the victim's authenticated SSH account. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.
Exploits (1)
This repository contains a functional Proof of Concept (PoC) for CVE-2026-48732, demonstrating a command injection vulnerability in Warp's legacy SSH background command handling. The PoC simulates the vulnerable command construction locally, showing how an attacker-controlled remote working directory can break out of a quoted shell argument to execute arbitrary commands.
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H