CVE-2026-32685

Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory. The documentation.pages entries from gleam.toml are incorporated into filesystem paths without sufficient validation or...

EUVD-2026-8777

Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools readfile, editfile. It allows reading and writing files outside the project directory when a project contains symbolic links pointing to external paths. This bypasses the intended workspace...

CVE-2026-27967 Symlink Escape in Agent File Tools

Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools readfile, editfile. It allows reading and writing files outside the project directory when a project contains symbolic links pointing to external paths. This bypasses the intended workspace...

PT-2026-22049

Name of the Vulnerable Software and Affected Versions Zed versions prior to 0.225.9 Description A symlink escape issue exists in Zed, a code editor, within the Agent file tools read file, edit file. This allows reading and writing files outside the project directory when the project contains...