
warp — Vulnerabilities & Security Advisories (30)

All 30 CVE vulnerabilities found in warp, with AI-generated Chinese analysis, references, and POCs.

The WARP vulnerability aggregation page is a curated resource designed to provide comprehensive visibility into security weaknesses affecting the WARP product ecosystem. This repository collects detailed records of Common Vulnerabilities and Exposures (CVEs) and security advisories spanning the last five years, ensuring that users have access to both historical data and recent findings. By centralizing this information, the page offers a unified view of the security landscape surrounding WARP, allowing stakeholders to assess risk profiles with greater accuracy and context. Here, users can track vendor advisories to stay informed about the latest patches and mitigation strategies released by the provider. The interface enables a deep understanding of specific weakness classes, helping security teams categorize and prioritize remediation efforts based on severity and exploitability. Additionally, individuals can look up a product's vulnerability history to identify trends, recurring issues, or patterns that may indicate systemic design flaws. This historical perspective is crucial for long-term risk management and architectural review. The content is organized to facilitate quick navigation between different versions and release cycles, ensuring that both current and legacy deployments are covered. By providing clear references to official vendor statements and third-party analyses, the page supports informed decision-making for administrators and developers alike. This resource serves as a foundational tool for maintaining the integrity and security of systems utilizing WARP, promoting proactive defense rather than reactive patching.

Vendor: FatPipe

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-48704 | Warp Markdown notebook links may open executable local files | CWE-20 | 8.8 | High | 2026-06-24 |
| CVE-2026-48719 | Warp branch selector command injection via Git branch names | CWE-78 | 8.0 | High | 2026-06-24 |
| CVE-2026-48720 | Warp: SSH remote output can lead to local file overwrite and persistence | CWE-20 | 8.8 | High | 2026-06-24 |
| CVE-2026-48721 | Warp: Env-var prefixes can lead to denylisted command autoexecution | CWE-180 | 8.6 | High | 2026-06-24 |
| CVE-2026-48731 | Warp: Linux external editor command injection | CWE-78 | 7.8 | High | 2026-06-24 |
| CVE-2026-48732 | Warp: Remote SSH cwd can lead to unauthorized remote command execution | CWE-78 | 8.8 | High | 2026-06-24 |
| CVE-2026-54686 | Warp: DCS lifecycle hook spoofing can alter terminal session metadata | CWE-78 | 4.3 | Medium | 2026-06-24 |
| CVE-2026-54699 | Warp: OS command injection when opening terminal links from WSL | CWE-78 | 7.7 | High | 2026-06-24 |
| CVE-2026-48703 | Warp: Command Injection via Warp code search tool arguments | CWE-78 | 7.8 | High | 2026-06-24 |
| CVE-2026-48725 | Warp may allow terminal output to access the local clipboard through OSC 52 | CWE-276 | 8.1 | High | 2026-06-24 |
| CVE-2025-0651 | File symlink abuse might lead to deleting files belonging to SYSTEM user | CWE-269 | 7.1 | - | 2025-01-22 |
| CVE-2023-2754 | Plaintext transmission of DNS requests in Windows 1.1.1.1 WARP client | CWE-319 | 7.4 | High | 2023-08-03 |
| CVE-2023-0652 | Local Privilege Escalation in Cloudflare WARP Installer (Windows) | CWE-59 | 7.0 | High | 2023-04-06 |
| CVE-2023-1412 | Local Privilege Escalation Vulnerability in WARP's MSI Installer | CWE-59 | 7.0 | High | 2023-04-05 |
| CVE-2022-4428 | support_uri validation missing in WARP client for Windows | CWE-20 | 8.9 | High | 2023-01-11 |
| CVE-2022-4457 | WARP client manifest misconfiguration leading to Task Hijacking | CWE-200 | 5.5 | Medium | 2023-01-11 |
| CVE-2022-3320 | Bypassing Cloudflare Zero Trust policies using warp-cli set-custom-endpoint command | CWE-862 | 6.7 | Medium | 2022-10-28 |
| CVE-2022-3322 | Lock WARP switch bypass on WARP mobile client using iOS quick action | CWE-862 | 6.7 | Medium | 2022-10-28 |
| CVE-2022-3337 | Lock WARP switch bypass by removing VPN profile on iOS mobile client | CWE-862 | 6.7 | Medium | 2022-10-28 |
| CVE-2022-3321 | Lock WARP switch feature bypass on WARP mobile client for iOS | CWE-862 | 6.7 | Medium | 2022-10-28 |
| CVE-2022-3512 | Lock WARP switch bypass using warp-cli 'add-trusted-ssid' command | CWE-862 | 6.7 | Medium | 2022-10-28 |
| CVE-2022-2225 | Zero Trust Secure Web Gateway policies bypass using WARP client subcommands | CWE-284 | 8.1 | High | 2022-07-26 |
| CVE-2022-2145 | Cloudflare WARP Arbitrary File Overwrite | CWE-20 | 5.8 | Medium | 2022-06-28 |
| CVE-2022-2147 | Unquoted Service Path in Cloudflare WARP for Windows | CWE-428 | 6.5 | Medium | 2022-06-23 |
| CVE-2021-27859 | Missing authorization vulnerability in FatPipe software | CWE-862 | 8.8 | High | 2021-12-15 |
| CVE-2021-27858 | Missing authorization vulnerability in FatPipe software | CWE-862 | 5.3 | Medium | 2021-12-15 |
| CVE-2021-27857 | FatPipe software allows unauthenticated configuration download | CWE-862 | 7.5 | High | 2021-12-15 |
| CVE-2021-27856 | FatPipe software administrative account with no password | | 9.8 | Critical | 2021-12-15 |
| CVE-2021-27855 | FatPipe software allows privilege escalation | CWE-862 | 8.8 | High | 2021-12-15 |
| CVE-2021-27860 | Arbitrary file upload vulnerability in FatPipe software | | 9.8 | Critical | 2021-12-08 |

All 30 known CVE vulnerabilities affecting warp with full Chinese analysis, references, and POCs where available.