
4 matches found

CVE
added 2026/05/28 4:16 p.m., 23 views

CVE-2026-44466

Zed code editor contains a local, high-severity flaw (CVE-2026-44466) in the terminal tool permission system that can bypass the allowlist via bash arithmetic expansion $((...)), enabling arbitrary commands nested inside an allowlisted command (e.g., echo). This affects Zed prior to version 0.229...

8.6 CVSS, 6.1 AI score, 0.00232 EPSS
Exploits: 1, References: 1, Affected Software: 1

ATTACKERKB
added 2026/05/28 4:16 p.m., 10 views

CVE-2026-44466

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash arithmetic expansion $((...)), allowing execution of arbitrary commands nested inside an allowlisted command like echo. This vulnerability is fixed in 0.229.0...

8.6 CVSS, 6.1 AI score, 0.00232 EPSS
Exploits: 1, References: 2, Affected Software: 1

Positive Technologies
added 2026/05/11 12:0 a.m., 16 views

PT-2026-39598

Name of the Vulnerable Software and Affected Versions: Zed versions prior to 0.229.0

Description: The terminal tool permission system in the Zed code editor can be bypassed using bash variable expansion chaining $var@P. This allows for arbitrary command execution when an allowlisted command prefix ...

8.8 CVSS, 5.9 AI score, 0.00438 EPSS
Exploits: 1, References: 4

Positive Technologies
added 2026/05/11 12:0 a.m., 11 views

PT-2026-39599

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior (e.g., PAGER) to execute arbitrary code. This vulnerability is fixed in 0.229.0...

8.6 CVSS, 6.1 AI score, 0.00232 EPSS
Exploits: 1, References: 3