What is the CVSS score of CVE-2026-44465?

CVE-2026-44465 has a CVSS 3.1 base score of 8.6 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H.

Which versions of Zed are affected by CVE-2026-44465?

Zed code editor versions before 0.227.1 contain a remote code execution vulnerability triggered by opening folders with malicious Git configuration files, bypassing the editor's safety mechanisms for…. A patch is available.

Zed CVE-2026-44465

EUVD-2026-32937 HIGH

OS Command Injection (CWE-78)

2026-05-28 GitHub_M

RCE Command Injection

8.6

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch available

May 28, 2026 - 18:02 EUVD

Analysis Generated

May 28, 2026 - 17:20 vuln.today

DescriptionNVD

Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution (RCE) when a victim open a folder in untrusted mode. This vulnerability is fixed in 0.227.1.

AnalysisAI

Remote code execution in Zed code editor versions prior to 0.227.1 occurs when a user opens a folder containing a malicious .git/config file that abuses the core.fsmonitor Git configuration option. The flaw triggers even in untrusted mode, defeating the safety boundary users expect when opening unknown repositories, and no public exploit has been identified at time of analysis though the advisory is published by the vendor.

RemediationAI

Within 24 hours: Identify and inventory all Zed installations across development teams; notify users to avoid opening untrusted repositories until patched. Within 7 days: Upgrade all Zed instances to version 0.227.1 or later; verify patch deployment through automated tools or manual spot checks. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-44465 vulnerability details – vuln.today

Back

Zed CVE-2026-44465

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code