Lucene search
K

4 matches found

CVE
CVE
added 2026/05/28 4:16 p.m.23 views

CVE-2026-44466

Zed code editor contains a local, high-severity flaw (CVE-2026-44466) in the terminal tool permission system that can bypass the allowlist via bash arithmetic expansion $((...)), enabling arbitrary commands nested inside an allowlisted command (e.g., echo). This affects Zed prior to version 0.229...

8.6CVSS6.1AI score0.00232EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/05/28 4:15 p.m.34 views

CVE-2026-44463 Zed: Allowlist Bypass via Environment Variable Injection in Terminal Tool Permissions

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior e.g., PAGER to execute arbitrary code. This vulnerability is fixed in 0.229.0...

8.6CVSS0.00232EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/28 4:15 p.m.12 views

EUVD-2026-32939

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior e.g., PAGER to execute arbitrary code. This vulnerability is fixed in 0.229.0...

8.6CVSS6.1AI score0.00232EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/28 4:13 p.m.13 views

CVE-2026-44462 Zed: Allowlist Bypass via Bash Variable Expansion Chain in Terminal Tool Permissions

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash variable expansion chaining $var@P, allowing arbitrary command execution under an allowlisted command prefix. This vulnerability is fixed in 0.229.0...

6.4CVSS6.1AI score0.00438EPSS
Exploits1References1
Rows per page
Query Builder