CVE-2026-48732

HIGH

Warp: Remote SSH cwd can lead to unauthorized remote command execution

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-48732. PoCs published by Saku0512.

AI-analyzed exploit summary This repository contains a functional Proof of Concept (PoC) for CVE-2026-48732, demonstrating a command injection vulnerability in Warp's legacy SSH background command handling. The PoC simulates the vulnerable command construction locally, showing how an attacker-controlled remote working directory can break out of a quoted shell argument to execute arbitrary commands.

Description

Warp is an agentic development environment. From 0.2023.03.21.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working directory reported by the session when building helper commands for SSH-backed metadata collection. A remote host, repository, or directory name controlled by an attacker could cause that helper command to execute additional shell syntax on the remote host as the victim's authenticated SSH account. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.

Exploits (1)

github WORKING POC
by Saku0512 · pythonpoc
https://github.com/Saku0512/CVE-2026-48732-poc

This repository contains a functional Proof of Concept (PoC) for CVE-2026-48732, demonstrating a command injection vulnerability in Warp's legacy SSH background command handling. The PoC simulates the vulnerable command construction locally, showing how an attacker-controlled remote working directory can break out of a quoted shell argument to execute arbitrary commands.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Warp (versions >= v0.2023.03.21.08.02.stable_00, fixed in v0.2026.05.06.15.42.stable_01)
No auth needed
Prerequisites: Python 3 · Local execution environment
mistral-large-3 · analyzed Jun 28, 2026 Full analysis →

Scores

CVSS v3 8.8
EPSS 0.0101
EPSS Percentile 58.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-78
Status published
Products (1)
warpdotdev/warp >= 0.2023.03.21.08.02.stable_00, < 0.2026.05.13.09.15.stable_01
Published Jun 24, 2026
Tracked Since Jun 24, 2026