Command Injection Vulnerability in Warp Terminal Docker Integration
CVE-2024-41997

Currently unrated

Key Information:

Vendor: Warp
Status: Warp Terminal
Vendor: CVE Published:; 14 October 2024

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-41997?

A command injection vulnerability has been identified in Warp Terminal's Docker integration, affecting versions prior to 2024.07.18. This issue allows an attacker to craft a malicious hyperlink capable of executing arbitrary commands on the victim's machine if clicked. Users are urged to update their Warp Terminal installations to mitigate this risk.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-41997
Created by xpcmdshell

References

https://github.com/warpdotdev/warp

https://gist.github.com/bhyh/d1ee7a825fce283bf8acbdb42c8a...

https://docs.warp.dev/getting-started/changelog#id-2024.0...

Timeline

🟡
Public PoC available
Jan 1, 2026
👾
Exploit known to exist
Jan 1, 2026
Vulnerability published
Oct 14, 2024

JSON