13 matches found
CVE-2026-40068 Claude Code arbitrary code execution via git worktree commondir trust dialog bypass
In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Co...
CVE-2025-68432
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...
CVE-2025-68433
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol MCP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...
CVE-2025-68432
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...
CVE-2025-68433
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol MCP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...
EUVD-2025-204009
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol MCP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...
CVE-2025-68433 Zed IDE MCP Context Server Configuration Arbitrary Code Execution
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol MCP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...
CVE-2025-68433
CVE-2025-68433 affects Zed IDE prior to 0.218.2-pre. The vulnerability arises from loading MCP configurations from a project/.zed/settings.json without explicit user confirmation, allowing a malicious MCP to execute arbitrary shell commands on the host with the IDE user’s privileges when a projec...
EUVD-2025-204010
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...
CVE-2025-68432 Zed IDE LSP Binary Configuration Arbitrary Code Execution
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...
CVE-2025-68432 Zed IDE LSP Binary Configuration Arbitrary Code Execution
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...
PT-2025-51976
Name of the Vulnerable Software and Affected Versions Zed versions prior to 0.218.2-pre Description The Zed IDE is susceptible to arbitrary code execution through maliciously crafted Model Context Protocol MCP configurations. These configurations, found in the settings.json file within a project’...
PT-2025-51975
Name of the Vulnerable Software and Affected Versions Zed versions prior to 0.218.2-pre Description The Zed IDE is susceptible to arbitrary code execution. The IDE loads Language Server Protocol LSP configurations from the settings.json file within a project’s .zed subdirectory. A malicious LSP...