Severity by source
AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionGitHub Advisory
Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution (RCE) when a victim open a folder in untrusted mode. This vulnerability is fixed in 0.227.1.
AnalysisAI
Remote code execution in Zed code editor versions prior to 0.227.1 occurs when a user opens a folder containing a malicious .git/config file that abuses the core.fsmonitor Git configuration option. The flaw triggers even in untrusted mode, defeating the safety boundary users expect when opening unknown repositories, and no public exploit has been identified at time of analysis though the advisory is published by the vendor.
Technical ContextAI
Zed is a Rust-based collaborative code editor developed by Zed Industries (CPE: cpe:2.3:a:zed-industries:zed). The vulnerability is rooted in CWE-78 (OS Command Injection) and abuses Git's core.fsmonitor option, which lets Git invoke an external file system monitor command to track changed files. When Zed opens a directory and initializes its Git integration, it honors per-repository .git/config values including core.fsmonitor, causing Git (invoked under Zed) to execute the attacker-supplied program. This is a well-known Git misuse class - similar fsmonitor abuse has historically affected other editors that auto-load repository configuration without first vetting it against a trusted scope.
RemediationAI
Vendor-released patch: upgrade Zed to 0.227.1 or later, per the GitHub Security Advisory at https://github.com/zed-industries/zed/security/advisories/GHSA-fj2r-rmw6-h222. Until the upgrade is rolled out, do not open untrusted repositories in Zed; if a folder must be inspected, clone it on a sandboxed host or first remove or audit the .git/config file (specifically any core.fsmonitor, core.sshCommand, or other command-invoking keys) before opening. Restricting Zed to opening only directories from known-trusted sources is the most practical compensating control, with the trade-off that it interrupts normal triage of unknown OSS repositories.
Zed, a code editor, has an extension installer allows tar/gzip downloads. [CVSS 8.8 HIGH]
Zed code editor versions prior to 0.224.4 contain a path traversal vulnerability in ZIP extraction that fails to sanitiz
Zed code editor versions before 0.225.9 fail to properly validate symbolic links in Agent file tools, allowing attackers
Zed Editor versions prior to 0.219.4 fail to display tool invocation parameters during permission prompts or after execu
A directory traversal vulnerability with remote code execution in Prim'X Zed!. Rated critical severity (CVSS 9.8), this
Arbitrary code execution in the Zed code editor (versions prior to 0.229.0) is possible by abusing its terminal tool per
Command injection in Zed code editor versions prior to 0.229.0 allows bypass of the terminal tool's permission allowlist
Remote command execution in Zed code editor versions prior to 0.227.1 occurs when opening SSH or WSL remote terminals be
By default, .ZED containers produced by PRIMX ZED!. Rated high severity (CVSS 7.5), this vulnerability is remotely explo
{var@P} prompt-string operator. Zed's terminal tool system enforces command-prefix allowlists to control what commands c
ZED containers produced by PRIMX ZED!. Rated medium severity (CVSS 5.5), this vulnerability is no authentication require
ZED containers produced by PRIMX ZED!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32937