Vulnerability DatabaseCVE-2026-54699
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2026-54699
Published:June 24, 2026
Updated:June 29, 2026
Warp is an agentic development environment. From 0.2024.03.12.08.02.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains an OS command injection vulnerability in the WSL URL-opening fallback. When Warp is running under WSL and cannot open a URL through wslview, it falls back to a Windows command processor path. A URL controlled through terminal output can reach that fallback when the user opens the link. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.
Related Resources (2)
https://github.com/warpdotdev/warp/security/advisories/GHSA-xmw3-wj6r-48m4
https://github.com/warpdotdev/warp/commit/c66cff48afba73bb1f26f82e5d524018bacb748e
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.8
Attack Vector
LOCAL
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
PASSIVE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
HIGH
Subsequent System Integrity
HIGH
Subsequent System Availability
HIGH
CVSS v3
Base Score:
7.7
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Improper Encoding or Escaping of Output
CWE-116
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-78
EPSS
Base Score:
0.44