| Title | Published | Views | Reporter |
|---|---|---|---|
| CVE-2026-27800 | 25 Feb 2026 23:25 | – | attackerkb |
| CVE-2026-27976 | 25 Feb 2026 23:34 | – | attackerkb |
| CVE-2026-27800 | 4 Mar 2026 04:00 | – | circl |
| CVE-2026-27976 | 26 Feb 2026 01:10 | – | circl |
| Zed security vulnerability | 26 Feb 2026 00:00 | – | cnnvd |
| Zed path traversal vulnerability | 26 Feb 2026 00:00 | – | cnnvd |
| CVE-2026-27800 | 25 Feb 2026 23:25 | – | cve |
| CVE-2026-27976 | 25 Feb 2026 23:34 | – | cve |
| CVE-2026-27800 Zed has Zip Slip Path Traversal in Extension Archive Extraction | 25 Feb 2026 23:25 | – | cvelist |
| CVE-2026-27976 Zed Extension Sandbox Escape via Tar Symlink Following | 25 Feb 2026 23:34 | – | cvelist |
| Source | Link |
|---|---|
| nessus | www.nessus.org/u |
| nessus | www.nessus.org/u |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
```nasl
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(300838);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/03/16");

  script_cve_id("CVE-2026-27800", "CVE-2026-27976");

  script_name(english:"Zed < 0.224.4 Multiple Path Traversal Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"A code editor installed on the remote host is affected by multiple path traversal vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Zed installed on the remote host is prior to 0.224.4. It is, therefore, affected by multiple
vulnerabilities:

  - A Zip Slip path traversal vulnerability exists in the extension archive extraction functionality. The extract_zip()
    function fails to validate ZIP entry filenames for path traversal sequences, allowing a malicious extension to write
    files outside its designated sandbox directory by downloading and extracting a crafted ZIP archive.
    (CVE-2026-27800)

  - A path traversal vulnerability exists in the extension installer tar extractor. The tar extractor creates symlinks
    from the archive without validation, and the path guard only performs lexical prefix checks without resolving
    symlinks. An attacker can ship a tar that creates a symlink inside the extension workdir pointing outside, then
    writes files through the symlink, causing writes to arbitrary host paths. This escapes the extension sandbox and
    enables code execution. (CVE-2026-27976)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://github.com/zed-industries/zed/security/advisories/GHSA-v385-xh3h-rrfr
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?40dcf12c");
  # https://github.com/zed-industries/zed/security/advisories/GHSA-59p4-3mhm-qm3r
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1364719b");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Zed version 0.224.4 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-27976");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2026-27800");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/02/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/02/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/03/05");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:zed:zed");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Artificial Intelligence");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("zed_win_installed.nbin", "macos_zed_installed.nbin", "zed_linux_installed.nbin");
  script_require_keys("installed_sw/Zed");

  exit(0);
}

include('vdf.inc');

# @tvdl-content
var vuln_data = {
  'metadata': {'spec_version': '1.0'},
  'checks': [
    {
      'product': {'name': 'Zed', 'type': 'app'},
      'check_algorithm': 'default',
      'constraints': [
        {'fixed_version': '0.224.4'}
      ]
    }
  ]
};

var result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:result);
```
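Both flaws in the plugin description come from a path guard that reasons about strings only: the ZIP extractor skips the lexical check entirely, and the tar extractor performs it but never looks at what is already on disk. The following Rust is an added example, not Zed's code or the fix referenced by the GHSA advisories; `lexical_join` and `safe_target` are names chosen here, and the extraction directory is assumed to exist before entries are written.

```rust
// Added example (not Zed's code): a path guard for an archive extractor that
// rejects lexical traversal (Zip Slip) and refuses to write through symlinks.
use std::fs;
use std::io;
use std::path::{Component, Path, PathBuf};

/// Lexical pass: refuse absolute entries and any `..` component. This is the
/// "lexical prefix check" the advisory describes, and on its own it is not enough.
pub fn lexical_join(dest: &Path, entry: &str) -> Option<PathBuf> {
    let mut out = dest.to_path_buf();
    for c in Path::new(entry).components() {
        match c {
            Component::Normal(part) => out.push(part),
            Component::CurDir => {}
            // `..`, a leading `/`, or a drive prefix: reject the entry outright.
            _ => return None,
        }
    }
    // An empty entry name would resolve to the extraction root itself.
    if out.as_path() == dest { None } else { Some(out) }
}

/// Filesystem pass: walk every prefix of the target below `dest` and refuse the
/// write if any existing component is a symlink, since the kernel would follow
/// it to wherever it points (the tar symlink-following bug). `symlink_metadata`
/// does not follow links, so a planted link is seen as a link, not as its target.
/// Symlink entries in the archive itself should be refused before this runs.
pub fn safe_target(dest: &Path, entry: &str) -> io::Result<Option<PathBuf>> {
    let target = match lexical_join(dest, entry) {
        Some(t) => t,
        None => return Ok(None),
    };
    // Canonicalize dest once so the probe path has no links of its own to follow.
    let mut probe = fs::canonicalize(dest)?;
    let below = target.strip_prefix(dest).expect("lexical_join always joins under dest");
    for part in below.components() {
        probe.push(part);
        match fs::symlink_metadata(&probe) {
            Ok(m) if m.file_type().is_symlink() => return Ok(None),
            Ok(_) => {}
            // Not created yet, so nothing at this depth can redirect the write.
            Err(_) => break,
        }
    }
    Ok(Some(target))
}
```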