Warp

This hub aggregates every CVE we track for Warp, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Warp.

• CVE-2025-0651File symlink abuse might lead to deleting files belonging to SYSTEM user7.1Jan 22, 2025
• CVE-2023-3747Insufficient Validation on Override Codes for Always-Enabled WARP Mode5.5Sep 7, 2023
• CVE-2023-0654Spoofing User's Activity Loads in WARP Mobile Client (Android)3.9Aug 29, 2023
• CVE-2023-0238Injecting Activity Loads in WARP Mobile Client3.9Aug 29, 2023
• CVE-2023-2754Plaintext transmission of DNS requests in Windows 1.1.1.1 WARP client7.4Aug 3, 2023
• CVE-2023-1862Remote access to warp-svc.exe in Cloudflare WARP7.3Jun 20, 2023
• CVE-2023-0652Local Privilege Escalation in Cloudflare WARP Installer (Windows)7.0Apr 6, 2023
• CVE-2023-1412Local Privilege Escalation Vulnerability in WARP's MSI Installer7.0Apr 5, 2023
• CVE-2022-4428support_uri validation missing in WARP client for Windows8.9Jan 11, 2023
• CVE-2022-4457WARP client manifest misconfiguration leading to Task Hijacking5.5Jan 11, 2023
• CVE-2022-3320Bypassing Cloudflare Zero Trust policies using warp-cli set-custom-endpoint command6.7Oct 28, 2022
• CVE-2022-3322Lock WARP switch bypass on WARP mobile client using iOS quick action6.7Oct 28, 2022
• CVE-2022-3337Lock WARP switch bypass by removing VPN profile on iOS mobile client6.7Oct 28, 2022
• CVE-2022-3321Lock WARP switch feature bypass on WARP mobile client for iOS6.7Oct 28, 2022
• CVE-2022-3512Lock WARP switch bypass using warp-cli 'add-trusted-ssid' command6.7Oct 28, 2022