HIGH🇵🇱 Wersja polska

CVE-2026-44463

CVSS 8.6v3.1pub. 2026-05-28upd. 2026-06-03

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior (e.g., PAGER) to execute arbitrary code. This vulnerability is fixed in 0.229.0.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
  • Zed

    APP
    Zed
    < 0.229.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCECommand Injection
CWE
References

Related vulnerabilities

CVE-2026-44466HIGH8.6ten sam produkt

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash arithme...

CVE-2026-44465HIGH8.6ten sam produkt

Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malic...

CVE-2026-44461HIGH8.6ten sam produkt

Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL remote commands as a shell command string that star...

CVE-2026-27976HIGH8.8ten sam produkt

Zed, a code editor, has an extension installer allows tar/gzip downloads. Prior to version 0.224.4, the tar ex...

CVE-2026-27800HIGH7.4ten sam produkt

Zed, a code editor, has a Zip Slip (Path Traversal) vulnerability exists in its extension archive extraction f...