80 matches found
CVE-2026-44461
Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL remote commands as a shell command string that starts with exec env ..., but environment variable keys are inserted without shell quoting or validation. If an attacker can control an environment variable key for example via project termin...
CVE-2026-44465
Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution RCE when a victim open a folder in untrusted mode...
Linux Distros Unpatched Vulnerability : CVE-2026-44462
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash variable expansion chaining $var@P, allowing arbitrary...
CVE-2026-44462
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash variable expansion chaining $var@P, allowing arbitrary command execution under an allowlisted command prefix. This vulnerability is fixed in 0.229.0...
Linux Distros Unpatched Vulnerability : CVE-2026-44461
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL remote commands as a shell command string that starts with exec env ..., but environment variable key...
Linux Distros Unpatched Vulnerability : CVE-2026-44465
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonit...
Linux Distros Unpatched Vulnerability : CVE-2026-44466
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash arithmetic expansion $..., allowing execution of arbitrar...
CVE-2026-44465
Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution RCE when a victim open a folder in untrusted mode...
CVE-2026-44466
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash arithmetic expansion $..., allowing execution of arbitrary commands nested inside an allowlisted command like echo. This vulnerability is fixed in 0.229.0...
CVE-2026-44462
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash variable expansion chaining $var@P, allowing arbitrary command execution under an allowlisted command prefix. This vulnerability is fixed in 0.229.0...
CVE-2026-44463
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior e.g., PAGER to execute arbitrary code. This vulnerability is fixed in 0.229.0...
CVE-2026-44461
Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL remote commands as a shell command string that starts with exec env ..., but environment variable keys are inserted without shell quoting or validation. If an attacker can control an environment variable key for example via project termin...
UBUNTU-CVE-2026-44461
Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL remote commands as a shell command string that starts with exec env ..., but environment variable keys are inserted without shell quoting or validation. If an attacker can control an environment variable key for example via project termin...
UBUNTU-CVE-2026-44463
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior e.g., PAGER to execute arbitrary code. This vulnerability is fixed in 0.229.0...
UBUNTU-CVE-2026-44462
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash variable expansion chaining $var@P, allowing arbitrary command execution under an allowlisted command prefix. This vulnerability is fixed in 0.229.0...
UBUNTU-CVE-2026-44466
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash arithmetic expansion $..., allowing execution of arbitrary commands nested inside an allowlisted command like echo. This vulnerability is fixed in 0.229.0...
CVE-2026-44466 Zed: Allowlist Bypass via Bash Arithmetic Expansion in Terminal Tool Permissions
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash arithmetic expansion $..., allowing execution of arbitrary commands nested inside an allowlisted command like echo. This vulnerability is fixed in 0.229.0...
EUVD-2026-32940
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash arithmetic expansion $..., allowing execution of arbitrary commands nested inside an allowlisted command like echo. This vulnerability is fixed in 0.229.0...
CVE-2026-44466
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash arithmetic expansion $..., allowing execution of arbitrary commands nested inside an allowlisted command like echo. This vulnerability is fixed in 0.229.0...
CVE-2026-44466 Zed: Allowlist Bypass via Bash Arithmetic Expansion in Terminal Tool Permissions
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash arithmetic expansion $..., allowing execution of arbitrary commands nested inside an allowlisted command like echo. This vulnerability is fixed in 0.229.0...