ByteOS Network

NVD Vulnerability Details :

CVE-2026-48704

Deferred

Source-security-advisories@github.com

Published At-24 Jun, 2026 | 18:17

Updated At-25 Jun, 2026 | 14:29

Warp is an agentic development environment. From 0.2023.10.24.08.03.stable_00 until 0.2026.05.06.15.42.stable_01, Warp may open executable local files through the operating system default file handler. A malicious Markdown document or project can contain a local-file link that appears as normal rendered content. If a user opens the Markdown in Warp and clicks the link, affected builds may route the resolved local file to a platform file opener instead of limiting the action to safe viewer/editor targets. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
			N/A

Type: Secondary

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Type: N/A

Version:

Base score:

Base severity: N/A

Vector:

Weaknesses

CWE ID	Type	Source
CWE-20	Secondary	security-advisories@github.com

CWE ID: CWE-20

Type: Secondary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/warpdotdev/warp/commit/7f0c4dd2322198f1b39890f8e6bcdc606c6a3c74	security-advisories@github.com	N/A
https://github.com/warpdotdev/warp/security/advisories/GHSA-589x-4mxh-jcrf	security-advisories@github.com	N/A

Hyperlink: https://github.com/warpdotdev/warp/commit/7f0c4dd2322198f1b39890f8e6bcdc606c6a3c74

Source: security-advisories@github.com

Resource: N/A

Hyperlink: https://github.com/warpdotdev/warp/security/advisories/GHSA-589x-4mxh-jcrf

Source: security-advisories@github.com

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History