Skip to main content

Zed EUVDEUVD-2026-32938

| CVE-2026-44462 MEDIUM
Incomplete List of Disallowed Inputs (CWE-184)
2026-05-28 GitHub_M
6.4
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.4 MEDIUM
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
Low

Lifecycle Timeline

2
Patch available
May 28, 2026 - 18:02 EUVD
Analysis Generated
May 28, 2026 - 17:26 vuln.today

DescriptionGitHub Advisory

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash variable expansion chaining (${var@P}), allowing arbitrary command execution under an allowlisted command prefix. This vulnerability is fixed in 0.229.0.

AnalysisAI

{var@P} prompt-string operator. Zed's terminal tool system enforces command-prefix allowlists to control what commands can be executed; the bypass exploits an incomplete input validation list (CWE-184) to chain expansions that resolve to arbitrary shell commands while appearing to match an approved prefix. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV, though the RCE-tagged nature and CVSS High confidentiality impact make it a meaningful concern for users relying on Zed's agentic terminal tool permissions.

Technical ContextAI

Zed is a GPU-accelerated code editor developed by Zed Industries (CPE: cpe:2.3:a:zed-industries:zed:*:*:*:*:*:*:*:*) that includes an integrated terminal with an AI-accessible tool permission system, allowing allowlisted command prefixes to be invoked programmatically. The root cause is CWE-184 (Incomplete List of Disallowed Inputs): the permission system checks command prefixes against an allowlist but fails to account for bash parameter transformation syntax - specifically the ${var@P} prompt-string expansion operator and similar chaining techniques - which allow the shell to evaluate a string that, before expansion, superficially matches an approved prefix but resolves to an entirely different, attacker-controlled command at execution time. This is a classic shell-expansion allowlist bypass, where the validation layer operates on the pre-expansion string while the shell executes the post-expansion result.

RemediationAI

Upgrade Zed to version 0.229.0 or later, which contains the vendor-confirmed fix for this bypass. The fix is documented in the GitHub Security Advisory at https://github.com/zed-industries/zed/security/advisories/GHSA-rqq3-p6x4-q866. If immediate upgrade is not possible, the primary compensating control is to disable or restrict use of Zed's agentic terminal tool feature entirely, preventing any programmatic invocation of the terminal that would be subject to allowlist evaluation. Users should also audit any existing command-prefix allowlists for entries that could be abused via expansion chaining. Note that restricting the terminal tool may degrade AI-assisted workflows within the editor. No additional workarounds beyond disabling the feature were specified in the advisory.

More in Zed

View all
CVE-2026-27976 HIGH POC
8.8 Feb 26

Zed, a code editor, has an extension installer allows tar/gzip downloads. [CVSS 8.8 HIGH]

CVE-2026-27800 HIGH POC
7.4 Feb 26

Zed code editor versions prior to 0.224.4 contain a path traversal vulnerability in ZIP extraction that fails to sanitiz

CVE-2026-27967 HIGH POC
7.1 Feb 26

Zed code editor versions before 0.225.9 fail to properly validate symbolic links in Agent file tools, allowing attackers

CVE-2026-25805 MEDIUM POC
6.4 Feb 10

Zed Editor versions prior to 0.219.4 fail to display tool invocation parameters during permission prompts or after execu

CVE-2018-16518 CRITICAL
9.8 Sep 05

A directory traversal vulnerability with remote code execution in Prim'X Zed!. Rated critical severity (CVSS 9.8), this

CVE-2026-44465 HIGH
8.6 May 28

Remote code execution in Zed code editor versions prior to 0.227.1 occurs when a user opens a folder containing a malici

CVE-2026-44463 HIGH
8.6 May 28

Arbitrary code execution in the Zed code editor (versions prior to 0.229.0) is possible by abusing its terminal tool per

CVE-2026-44466 HIGH
8.6 May 28

Command injection in Zed code editor versions prior to 0.229.0 allows bypass of the terminal tool's permission allowlist

CVE-2026-44461 HIGH
8.6 May 28

Remote command execution in Zed code editor versions prior to 0.227.1 occurs when opening SSH or WSL remote terminals be

CVE-2023-50444 HIGH
7.5 Dec 13

By default, .ZED containers produced by PRIMX ZED!. Rated high severity (CVSS 7.5), this vulnerability is remotely explo

CVE-2023-50440 MEDIUM
5.5 Dec 13

ZED containers produced by PRIMX ZED!. Rated medium severity (CVSS 5.5), this vulnerability is no authentication require

CVE-2023-50439 MEDIUM
5.3 Dec 13

ZED containers produced by PRIMX ZED!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no

Share

EUVD-2026-32938 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy