Description
Warp versions containing the affected Markdown notebook link handling may open executable local files through the operating system default file handler. A malicious Markdown document or project can contain a local-file link that appears as normal rendered content. If a user opens the Markdown in Warp and clicks the link, affected builds may route the resolved local file to a platform file opener instead of limiting the action to safe viewer/editor targets.
Impact
Successful exploitation may allow code execution with the privileges of the Warp user. Exploitation requires user interaction: the user must open attacker-controlled Markdown content in Warp and click the rendered link, and the linked file must exist locally in a location controlled or influenced by the attacker. Confirmed impact applies to macOS and Windows. Linux impact depends on the desktop environment and file-handler configuration.
Patch
The patch changes Markdown notebook local-link handling so files that would be opened by a system default handler are revealed in the file manager instead of opened. Safe Warp viewer/editor targets and supported image viewer behavior remain available.
Workarounds
Update to a patched Warp version. If updating immediately is not possible, avoid clicking links in Markdown content from untrusted sources.
Credits
Thanks to the following reporter who responsibly disclosed this issue:
References
Description
Warp versions containing the affected Markdown notebook link handling may open executable local files through the operating system default file handler. A malicious Markdown document or project can contain a local-file link that appears as normal rendered content. If a user opens the Markdown in Warp and clicks the link, affected builds may route the resolved local file to a platform file opener instead of limiting the action to safe viewer/editor targets.
Impact
Successful exploitation may allow code execution with the privileges of the Warp user. Exploitation requires user interaction: the user must open attacker-controlled Markdown content in Warp and click the rendered link, and the linked file must exist locally in a location controlled or influenced by the attacker. Confirmed impact applies to macOS and Windows. Linux impact depends on the desktop environment and file-handler configuration.
Patch
The patch changes Markdown notebook local-link handling so files that would be opened by a system default handler are revealed in the file manager instead of opened. Safe Warp viewer/editor targets and supported image viewer behavior remain available.
Workarounds
Update to a patched Warp version. If updating immediately is not possible, avoid clicking links in Markdown content from untrusted sources.
Credits
Thanks to the following reporter who responsibly disclosed this issue:
References
v0.2026.05.06.15.42.stable_01