Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| warpdotdev | warp | >= 0.2024.02.20.08.01.stable_01, < 0.2026.05.13.09.15.stable_01 | - |
| # | POC Description | Source Link | Shenlong Link |
|---|
No public POC found.
Login to generate AI POC| CVE-2026-48704 | 8.8 HIGH | Warp Markdown notebook links may open executable local files |
| CVE-2026-48732 | 8.8 HIGH | Warp: Remote SSH cwd can lead to unauthorized remote command execution |
| CVE-2026-48720 | 8.8 HIGH | Warp: SSH remote output can lead to local file overwrite and persistence |
| CVE-2026-48721 | 8.6 HIGH | Warp: Env-var prefixes can lead to denylisted command autoexecution |
| CVE-2026-48725 | 8.1 HIGH | Warp may allow terminal output to access the local clipboard through OSC 52 |
| CVE-2026-48719 | 8.0 HIGH | Warp branch selector command injection via Git branch names |
| CVE-2026-48703 | 7.8 HIGH | Warp: Command Injection via Warp code search tool arguments |
| CVE-2026-54699 | 7.7 HIGH | Warp: OS command injection when opening terminal links from WSL |
| CVE-2026-54686 | 4.3 MEDIUM | Warp: DCS lifecycle hook spoofing can alter terminal session metadata |
No comments yet