Warp is an agentic development environment. From 0.2025.03.05.08.02.stable00 until 0.2026.05.06.15.42.stable01, Warp accepts non-inline OSC 1337;File payloads from terminal output and materialize the decoded payload as a local file without an additional confirmation step. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.
{
"cwe_ids": [
"CWE-20",
"CWE-73"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/48xxx/CVE-2026-48720.json",
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": ">= 0.2025.03.05.08.02.stable_00, < 0.2026.05.13.09.15.stable_01"
},
{
"last_affected": ">= 0.2025.03.05.08.02.stable_00, < 0.2026.05.13.09.15.stable_01"
}
],
"source": "AFFECTED_FIELD"
}
],
"cna_assigner": "GitHub_M"
}