CVE-2026-54699
Warp contains an OS command injection in the WSL URL-opening fallback. When Warp runs under WSL and cannot open a URL via wslview, it uses a Windows command processor path, and a URL controlled through terminal output can reach this fallback when opened. Affected versions range from 0.2024.03.12....