Description
Warp versions containing the affected iTerm file handling code accept non-inline OSC 1337;File payloads from terminal output and materialize the decoded payload as a local file without an additional confirmation step.
Impact
Successful exploitation results in creation, truncation, or overwriting of user-writable files in the terminal's active working directory. If such a file is later interpreted by the user's shell, desktop environment, project tooling, or Warp configuration, this can escalate to persistence or delayed command execution with the user's privileges. Exploitation requires the user to display attacker-controlled output in a vulnerable Warp terminal.
Patch
The patch disables automatic local writes for non-inline iTerm file payloads. Patched builds drop non-inline iTerm file payloads with a warning and continue to support legitimate inline image rendering.
Workarounds
Update to a patched Warp build. No other workarounds exist.
Credits
Thanks to the following reporters who responsibly disclosed this issue:
References
Description
Warp versions containing the affected iTerm file handling code accept non-inline
OSC 1337;Filepayloads from terminal output and materialize the decoded payload as a local file without an additional confirmation step.Impact
Successful exploitation results in creation, truncation, or overwriting of user-writable files in the terminal's active working directory. If such a file is later interpreted by the user's shell, desktop environment, project tooling, or Warp configuration, this can escalate to persistence or delayed command execution with the user's privileges. Exploitation requires the user to display attacker-controlled output in a vulnerable Warp terminal.
Patch
The patch disables automatic local writes for non-inline iTerm file payloads. Patched builds drop non-inline iTerm file payloads with a warning and continue to support legitimate inline image rendering.
Workarounds
Update to a patched Warp build. No other workarounds exist.
Credits
Thanks to the following reporters who responsibly disclosed this issue:
References
v0.2026.05.06.15.42.stable_01