CVE-2026-54686

MEDIUM

Warp: DCS lifecycle hook spoofing can alter terminal session metadata

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-54686. PoCs published by Saku0512.

AI-analyzed exploit summary: This repository contains a functional local Proof of Concept for CVE-2026-54686, demonstrating how Warp DCS lifecycle hook spoofing can alter terminal session metadata. The PoC simulates both vulnerable and fixed models to show the impact of missing session-ID integrity checks.

Description

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepted certain state-mutating terminal lifecycle hooks from the PTY stream without verifying that the hooks were emitted by Warp's shell integration for the active session. An attacker who could cause a victim to view attacker-controlled terminal output in Warp could spoof selected lifecycle metadata, including the current working directory reported for the active block or SSH session transport metadata. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.

Exploits (1)

GitHub · WORKING POC
by Saku0512 · python · poc
https://github.com/Saku0512/CVE-2026-54686-poc

Classification: Working PoC 100%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: Warp terminal (versions >= v0.2021.04.25.23.05.stable_00, patched in v0.2026.05.06.15.42.stable_01)
No auth needed
Prerequisites: Python 3 · ability to run the script locally
devstral-2 · analyzed Jun 28, 2026

Scores

CVSS v3: 4.3
EPSS: 0.0028
EPSS Percentile: 19.5%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-78, CWE-88
Status: published
Products (1): warpdotdev/warp >= 0.2021.04.25.23.05.stable_00, < 0.2026.05.13.09.15.stable_01
Published: Jun 24, 2026
Tracked Since: Jun 24, 2026