CVE-2026-44463

Published May 28th, 2026

View on NVD ↗

CVSS v3

8.6

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior (e.g., PAGER) to execute arbitrary code. This vulnerability is fixed in 0.229.0.

zed-industries/zed

Code at the speed of thought – Zed is a high-performance, multiplayer code editor from the creators of Atom and Tree-sitter.

GitHub

85.1K