Cloudflare One Client

by Cloudflare, Inc.v26.4.1390.0

Last updated Jun 8, 2026

1.1.1.1 with WARP replaces the connection between your device and the Internet with a modern, optimized, protocol.

Install with winget

$ winget install --id Cloudflare.Warp --exact --version 26.4.1390.0

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Silent install command for Cloudflare One Client

Cloudflare One Client uses MSI (WiX). The silent install switches are /quiet /norestart.

One-line silent install (x64, machine scope)

msiexec.exe /i installer.msi /quiet /norestart

See the full silent install reference for Cloudflare One Client →

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

Installers · v26.4.1390.0

Architecture	Type	Scope	Install	Download
x64	MSI WiX	machine		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

12 known CVEs via NVD

high7.1Fix in v2024.12.492.0CVE-2025-0651affects before 2024.12.492.0Jan 22, 2025
Improper Privilege Management vulnerability in Cloudflare WARP on Windows allows File Manipulation. User with a low system privileges can create a set of symlinks inside the C:\ProgramData\Cloudflare\warp-diag-partials folder. After triggering the 'Reset all settings" option t...
high7.4Fix in v2023.7.160.0CVE-2023-2754affects before 2023.7.160.0Aug 3, 2023
The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, te WARP client did not assign loopb...
Vendor advisory
high7.3Fix availableCVE-2023-1862affects <=2023.3.381.0Jun 19, 2023
Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, a...
Vendor advisory
high7.0Fix in v2023.3.381.0CVE-2023-0652affects before 2023.3.381.0Apr 6, 2023
Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WARP Client for Windows (<= 2022.12.582.0) allowed a malicious attacker to forge the destination of the hardlink and escalate privileges, overwriting SYSTEM prot...
Vendor advisory
high7.0Fix in v2023.3.381.0CVE-2023-1412affects before 2023.3.381.0Apr 5, 2023
An unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows (<= 2022.12.582.0) to perform privileged operations with SYSTEM context by working with a combination of opportunistic locks (oplock) and symbolic link...
Vendor advisory
high8.9Fix availableCVE-2022-4428affects <=2022.10.106.0Jan 11, 2023
support_uri parameter in the WARP client local settings file (mdm.xml) lacked proper validation which allowed for privilege escalation and launching an arbitrary executable on the local machine upon clicking on the "Send feedback" option. An attacker with access to the local fil...
medium6.7Fix in v2022.8.857.0CVE-2022-3512affects before 2022.8.857.0, 2022.8.861.0, 2022.8.936Oct 27, 2022
Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" feature resulting in Zero Trust policies not being enforced on an affected endpoint.
medium6.7Fix in v2022.8.857.0CVE-2022-3320affects before 2022.8.857.0, 2022.8.861.0, 2022.8.936Oct 27, 2022
It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Tr...

Showing 8 of 12. Source: NVD, updated 3h ago. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr - automated patching is the only way to keep up.

Related apps

KaringSupernova Nebula LLC
KaringX.Karingv1.2.19+2209
A singbox GUI based on flutter.
Zapret 2loop-uh
loop-uh.Zapret2v21.0.0.6
Bypassing Discord and YouTube blocks
Koala ClashKoala Clash
coolcoala.KoalaClashv1.3.1
A modern GUI client based on Tauri, designed to run in Windows, macOS and Linux for tailored proxy experience
Clash VergeClash Verge Rev
ClashVergeRev.ClashVergeRevv2.5.1
基于 Tauri 的 Clash Meta GUI
Proton VPNProton AG
Proton.ProtonVPNv4.4.1
High-speed Swiss VPN that safeguards your privacy.
WireSock Secure ConnectNT Kernel
NTKERNEL.WireSockVPNClientv3.4.8
WireSock Secure Connect is an advanced WireGuard VPN client for Windows. It offers features beyond the official WireGuard app, including selective application tunneling and IP address exclusion.

More from Cloudflare, Inc. or browse 1.1.1.1, cloudflare, dns.

Frequently asked questions

How do I install Cloudflare One Client on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id Cloudflare.Warp --exact --version 26.4.1390.0. winget downloads the installer from Cloudflare, Inc. and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install Cloudflare One Client silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id Cloudflare.Warp --exact 26.4.1390.0 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

What are the silent install switches for Cloudflare One Client?

Cloudflare One Client uses MSI (WiX). Run the downloaded installer with: msiexec.exe /i installer.msi /quiet /norestart. The silent switches are /quiet /norestart.

How do I uninstall Cloudflare One Client via winget?

Run: winget uninstall --id Cloudflare.Warp --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from Cloudflare One Client's Apps & Features entry.

Is Cloudflare One Client free?

Cloudflare One Client is distributed under Proprietary. Refer to the publisher (https://one.one.one.one/) for the full license terms - Wingetly itself does not charge for installation.

Does Cloudflare One Client work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls Cloudflare One Client directly from the publisher.

How do I keep Cloudflare One Client up to date?

Run winget upgrade --id Cloudflare.Warp --exact, or winget upgrade --all to update everything winget tracks. We index 10 versions of Cloudflare One Client from microsoft/winget-pkgs.

Recent versions

26.4.1390.0latest
26.4.1350.0
26.3.851.0
26.1.150.0
25.10.186.0
25.9.558.0
25.8.779.0
25.7.176.0
25.6.1400.0
25.6.1335.0