4 matches found
CVE-2026-44466
Zed code editor contains a local, high-severity flaw (CVE-2026-44466) in the terminal tool permission system that can bypass the allowlist via bash arithmetic expansion $((...)), enabling arbitrary commands nested inside an allowlisted command (e.g., echo). This affects Zed prior to version 0.229...
CVE-2026-44466
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash arithmetic expansion $..., allowing execution of arbitrary commands nested inside an allowlisted command like echo. This vulnerability is fixed in 0.229.0...
PT-2026-39598
Name of the Vulnerable Software and Affected Versions Zed versions prior to 0.229.0 Description The terminal tool permission system in the Zed code editor can be bypassed using bash variable expansion chaining $var@P. This allows for arbitrary command execution when an allowlisted command prefix ...
PT-2026-39599
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior e.g., PAGER to execute arbitrary code. This vulnerability is fixed in 0.229.0...