CVE-2026-48719: Warp is an agentic development environment. From 0.2025.08.06.08.12.stable_00 until 0.2026.05.06.15.42.stable_01, Warp c
Summary
Warp is an agentic development environment (a tool that helps developers write code with AI assistance) that contained a command injection vulnerability (a flaw where specially crafted input can trick a system into running unintended commands) in its branch selector feature. An attacker who could publish a malicious Git branch name to a repository could cause that branch name to be executed as a shell command (instructions sent directly to the operating system) when a victim selected it from Warp's user interface.
Solution / Mitigation
This vulnerability is fixed in version 0.2026.05.06.15.42.stable_01. Users should update Warp to this version or later.
Vulnerability Details
8(high)
EPSS: 0.0%
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
network
low
low
required
June 24, 2026
Classification
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-48719
First tracked: June 25, 2026 at 08:22 AM
Classified by LLM (prompt v3) · confidence: 85%