Lucene search
K

7 matches found

Cvelist
Cvelist
added 2026/06/24 5:29 p.m.36 views

CVE-2026-48732 Warp: Remote SSH cwd can lead to unauthorized remote command execution

Warp is an agentic development environment. From 0.2023.03.21.08.02.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working directory reported by the session when building helper commands for...

8.8CVSS0.01007EPSS
Exploits1References2
CVE
CVE
added 2026/06/24 5:29 p.m.13 views

CVE-2026-48732

Warp prior to version 0.2026.05.06.15.42.stable_01 contains a command injection in the legacy SSH background command path: the remote working directory from the SSH session is embedded into a shell command without escaping, allowing an attacker-controlled path (host/repo/dir) to inject arbitrary ...

8.8CVSS6.1AI score0.01007EPSS
Exploits1References2
CVE
CVE
added 2026/06/24 5:26 p.m.38 views

CVE-2026-54699

Warp contains an OS command injection in the WSL URL-opening fallback. When Warp runs under WSL and cannot open a URL via wslview, it uses a Windows command processor path, and a URL controlled through terminal output can reach this fallback when opened. Affected versions range from 0.2024.03.12....

7.7CVSS5.9AI score0.00436EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:22 p.m.14 views

CVE-2026-48725

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable00 until 0.2026.05.06.15.42.stable01, Warp allows terminal output to request access to the local system clipboard. A malicious remote host, remote program, or other attacker-controlled terminal output source can trigger...

8.1CVSS5.9AI score0.00213EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 5:22 p.m.3 views

CVE-2026-48725 Warp may allow terminal output to access the local clipboard through OSC 52

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable00 until 0.2026.05.06.15.42.stable01, Warp allows terminal output to request access to the local system clipboard. A malicious remote host, remote program, or other attacker-controlled terminal output source can trigger...

8.1CVSS6AI score0.00213EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-14594

Malware in sbrugna...

9.8CVSS9.4AI score0.05598EPSS
Exploits1References4
VulnCheck KEV
VulnCheck KEV
added 2023/05/05 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-27856

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named "cmuser" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002...

9.8CVSS7.2AI score0.05598EPSS
Exploits1References1
Rows per page
Query Builder