2 matches found
PT-2026-39599
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior e.g., PAGER to execute arbitrary code. This vulnerability is fixed in 0.229.0...
PT-2026-39598
Name of the Vulnerable Software and Affected Versions Zed versions prior to 0.229.0 Description The terminal tool permission system in the Zed code editor can be bypassed using bash variable expansion chaining $var@P. This allows for arbitrary command execution when an allowlisted command prefix ...