2 matches found
CVE-2026-44466
Zed code editor contains a local, high-severity flaw (CVE-2026-44466) in the terminal tool permission system that can bypass the allowlist via bash arithmetic expansion $((...)), enabling arbitrary commands nested inside an allowlisted command (e.g., echo). This affects Zed prior to version 0.229...
PT-2026-39599
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior e.g., PAGER to execute arbitrary code. This vulnerability is fixed in 0.229.0...