Skip to main content

Zed CVE-2026-25805

MEDIUM
Product UI does not Warn User of Unsafe Actions (CWE-356)
2026-02-10 security-advisories@github.com
6.4
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.4 MEDIUM
AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 22:02 vuln.today
PoC Detected
Feb 19, 2026 - 15:08 vuln.today
Public exploit code
CVE Published
Feb 10, 2026 - 18:16 nvd
MEDIUM 6.4

DescriptionGitHub Advisory

Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show with which parameters a tool is being invoked, when asking for allowance. Further it does not show after the tool was being invoked, which parameters were used. Thus, maybe unwanted or even malicious values could be used without the user having a chance to notice it. Patched in Zed Editor 0.219.4 which includes expandable tool call details.

AnalysisAI

Zed Editor versions prior to 0.219.4 fail to display tool invocation parameters during permission prompts or after execution, allowing attackers with high privileges to execute tools with malicious or unintended parameters without user awareness. Public exploit code exists for this vulnerability. The issue is resolved in version 0.219.4, which adds expandable tool call details for transparency.

Technical ContextAI

Affects Zed. Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show with which parameters a tool is being invoked, when asking for allowance. Further it does not show after the tool was being invoked, which parameters were used. Thus, maybe unwanted or even malicious values could be used without the user having a chance to notice it. Patched in Zed Editor 0.219.4 which includes expandable tool call details.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

More in Zed

View all
CVE-2026-27976 HIGH POC
8.8 Feb 26

Zed, a code editor, has an extension installer allows tar/gzip downloads. [CVSS 8.8 HIGH]

CVE-2026-27800 HIGH POC
7.4 Feb 26

Zed code editor versions prior to 0.224.4 contain a path traversal vulnerability in ZIP extraction that fails to sanitiz

CVE-2026-27967 HIGH POC
7.1 Feb 26

Zed code editor versions before 0.225.9 fail to properly validate symbolic links in Agent file tools, allowing attackers

CVE-2018-16518 CRITICAL
9.8 Sep 05

A directory traversal vulnerability with remote code execution in Prim'X Zed!. Rated critical severity (CVSS 9.8), this

CVE-2026-44465 HIGH
8.6 May 28

Remote code execution in Zed code editor versions prior to 0.227.1 occurs when a user opens a folder containing a malici

CVE-2026-44463 HIGH
8.6 May 28

Arbitrary code execution in the Zed code editor (versions prior to 0.229.0) is possible by abusing its terminal tool per

CVE-2026-44466 HIGH
8.6 May 28

Command injection in Zed code editor versions prior to 0.229.0 allows bypass of the terminal tool's permission allowlist

CVE-2026-44461 HIGH
8.6 May 28

Remote command execution in Zed code editor versions prior to 0.227.1 occurs when opening SSH or WSL remote terminals be

CVE-2023-50444 HIGH
7.5 Dec 13

By default, .ZED containers produced by PRIMX ZED!. Rated high severity (CVSS 7.5), this vulnerability is remotely explo

CVE-2026-44462 MEDIUM
6.4 May 28

{var@P} prompt-string operator. Zed's terminal tool system enforces command-prefix allowlists to control what commands c

CVE-2023-50440 MEDIUM
5.5 Dec 13

ZED containers produced by PRIMX ZED!. Rated medium severity (CVSS 5.5), this vulnerability is no authentication require

CVE-2023-50439 MEDIUM
5.3 Dec 13

ZED containers produced by PRIMX ZED!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no

Share

CVE-2026-25805 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy