Skip to content

SSH remote output can lead to local file overwrite and persistence

High
Legoben published GHSA-5h96-jrrq-6hxq Jun 9, 2026

Package

Warp

Affected versions

>=v0.2025.03.05.08.02.stable_00

Patched versions

v0.2026.05.06.15.42.stable_01

Description

Description

Warp versions containing the affected iTerm file handling code accept non-inline OSC 1337;File payloads from terminal output and materialize the decoded payload as a local file without an additional confirmation step.

Impact

Successful exploitation results in creation, truncation, or overwriting of user-writable files in the terminal's active working directory. If such a file is later interpreted by the user's shell, desktop environment, project tooling, or Warp configuration, this can escalate to persistence or delayed command execution with the user's privileges. Exploitation requires the user to display attacker-controlled output in a vulnerable Warp terminal.

Patch

The patch disables automatic local writes for non-inline iTerm file payloads. Patched builds drop non-inline iTerm file payloads with a warning and continue to support legitimate inline image rendering.

Workarounds

Update to a patched Warp build. No other workarounds exist.

Credits

Thanks to the following reporters who responsibly disclosed this issue:

References

Severity

High

CVSS overall score

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS).
/ 10

CVSS v3 base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

CVSS v3 base metrics

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.
Attack complexity: More severe for the least complex attacks.
Privileges required: More severe if no privileges are required.
User interaction: More severe when no user interaction is required.
Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.
Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.
Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.
Availability: More severe when the loss of impacted component availability is highest.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE ID

CVE-2026-48720

Weaknesses

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Learn more on MITRE.

External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations. Learn more on MITRE.

Credits