Warp Markdown Link Flaw Allowed Local Executables to Be Opened
Warp disclosed and patched CVE-2026-48704 / GHSA-589x-4mxh-jcrf, a high-severity flaw in its Markdown notebook link handling that could cause executable local files to be opened through the operating system’s default file handler. The bug affects Warp versions from 0.2023.10.24.08.03.stable_00 up to, but not including, 0.2026.05.06.15.42.stable_01, and could be triggered when a user clicked a malicious local-file link embedded in attacker-controlled Markdown content or a project.
Successful exploitation could lead to code execution with the privileges of the Warp user, with confirmed impact on macOS and Windows and conditional impact on Linux depending on desktop environment and file-handler settings. Warp fixed the issue in version 0.2026.05.06.15.42.stable_01 by changing unsafe local-link behavior so files are revealed in the file manager instead of opened, and urged users to update immediately or avoid opening untrusted Markdown files and clicking embedded links until patched.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
CVE-2026-48704 is published with high severity
On 2026-06-24, CVE-2026-48704 was published as a high-severity vulnerability with a CVSS v3.1 score of 8.8. The CVE described remote exploitation via malicious Markdown content requiring user interaction and identified Warp versions before 0.2026.05.06.15.42.stable_01 as affected.
Warp fixes Markdown local-file link vulnerability
Warp patched a vulnerability in Markdown notebook link handling in version 0.2026.05.06.15.42.stable_01. The fix changed unsafe local-link behavior so files are revealed in the file manager instead of being opened via the operating system's default handler.
Warp publishes advisory for CVE-2026-48704
On 2026-06-09, Warp disclosed GHSA-589x-4mxh-jcrf / CVE-2026-48704, describing how malicious Markdown notebook links could cause executable local files to be opened and potentially lead to code execution with the user's privileges. The advisory said affected versions began at 0.2023.10.24.08.03.stable_00 and urged users to update or avoid clicking links in untrusted Markdown content.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
CVE-2026-48704 - Warp Markdown notebook links may open executable local files
cvefeed.io
Open sourceMarkdown notebook links may open executable local files · Advisory · warpdotdev/warp · GitHub
github.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Windows Notepad Markdown Link Validation Flaw Enables Arbitrary Command Execution
Microsoft patched a high-severity **remote code execution** issue in the modern *Windows Notepad* (Microsoft Store version) tracked as **CVE-2026-20841**, where improper validation of links in Markdown (`.md`) files can lead to arbitrary command execution in the context of the logged-in user. The flaw can be triggered when a victim opens a specially crafted Markdown file and clicks a rendered hyperlink; Notepad’s Markdown rendering/tokenization pipeline turns link text into interactive elements, and the click handler passes attacker-controlled link values onward with insufficient sanitization. Technical reporting indicates Notepad forwards the link target to `ShellExecuteExW()` with only minimal filtering (e.g., stripping leading/trailing slashes), allowing malicious protocol URIs such as `file://` and `ms-appinstaller://` to be invoked via registered protocol handlers. Exploitation is primarily social-engineering driven (email, downloads, or other delivery mechanisms) and requires user interaction (opening the file and clicking the link), but can result in execution of attacker-chosen commands or loading attacker-controlled content depending on protocol handler behavior and system configuration; the issue was disclosed via **Zero Day Initiative** and credited to researchers including Cristian Papa and Alasdair Gorniak (Delta Obscura), with additional analysis referenced by third-party reporting.
Mar 21, 2026
Warp Fixes Command Injection Flaws in SSH Sessions and Git Branch Selection
Warp disclosed and patched multiple command injection vulnerabilities that could let attacker-controlled input reach shell commands in the terminal and development environment. One flaw, tracked as **CVE-2026-48732** / `GHSA-qqpc-wvvw-4269`, affected legacy SSH background command handling from version `v0.2023.03.21.08.02.stable_00` onward. Malicious remote host, repository, or directory names could inject shell syntax into helper commands used for SSH-backed metadata collection, allowing command execution on the remote host with the victim’s authenticated SSH account after user interaction in an affected legacy SSH session. Warp said the issue was fixed by escaping embedded single quotes in the remote working directory and released patched versions including `v0.2026.05.06.15.42.stable_01` and `v0.2026.05.13.09.15.stable_01`. A separate high-severity flaw, **CVE-2026-48719**, affected Warp versions from `0.2025.08.06.08.12.stable_00` through `0.2026.05.06.15.42.stable_01` and allowed a malicious Git branch name to be interpreted by the victim’s shell when selected from Warp’s prompt branch selector. Warp’s June code changes also show broader hardening of remote SSH session handling, including shell-specific escaping for single quotes before constructing commands such as `cd` and `cat`, plus tests covering Bash, Zsh, Fish, and PowerShell to keep crafted paths inert. The combined disclosures indicate that untrusted repository metadata and remote session context could be weaponized for command execution unless users upgrade to fixed releases.
Jun 24, 2026
Windows Notepad Markdown Link Handling Flaw Enables Remote Code Execution
Microsoft patched a high-severity **remote code execution** issue in the modern *Windows Notepad* (Microsoft Store) app, tracked as **CVE-2026-20841** (CVSS 8.8), caused by **command injection** (`CWE-77`) tied to improper neutralization of special elements used in commands. The weakness can be triggered when a user opens a booby-trapped **Markdown (`.md`)** file in Notepad and clicks an embedded malicious link; the app can be coerced into launching **unverified protocols** that load and execute remote content, resulting in code execution in the **security context of the logged-in user** (potentially full compromise if the user has admin rights).
Apr 11, 2026