Zed: Allowlist Bypass via Environment Variable Injection in Terminal Tool...

8.6 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Description

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior (e.g., PAGER) to execute arbitrary code. This vulnerability is fixed in 0.229.0.

AI Analysis

Allowlist bypass via environment variable injection in terminal tool permissions, allowing arbitrary code execution

Basic Information

ID CVE-2026-44463

Source GitHub_M

Published May 28, 2026 at 16:15

Affected Product

Vendor zed-industries

Product zed

Version < 0.229.0

Affected Versions zed-industries zed < 0.229.0

CWE Classification

CWE-184 CWE-78

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor zed-industries

Product Zed

Version < 0.229.0

References

github.com /zed-industries/zed/security/advisories/GHSA-c3g6-c3ff-69cg

{
    "lastseen": "",
    "description": "Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior (e.g., PAGER) to execute arbitrary code. This vulnerability is fixed in 0.229.0.",
    "published": "2026-05-28T16:15:13.826Z",
    "modified": "2026-05-28T16:15:13.826Z",
    "type": "cve",
    "title": "Zed: Allowlist Bypass via Environment Variable Injection in Terminal Tool Permissions",
    "source": "GitHub_M",
    "references": "https://github.com/zed-industries/zed/security/advisories/GHSA-c3g6-c3ff-69cg",
    "id": "CVE-2026-44463",
    "bulletinFamily": "",
    "cwe": [
        "CWE-184",
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "zed-industries zed < 0.229.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "zed",
    "version": "< 0.229.0",
    "vendor": "zed-industries",
    "ai_description": "Allowlist bypass via environment variable injection in terminal tool permissions, allowing arbitrary code execution",
    "ai_severity": "High",
    "ai_vendor": "zed-industries",
    "ai_product": "Zed",
    "ai_version": "< 0.229.0",
    "ai_score": 8.6
}

Zed: Allowlist Bypass via Environment Variable Injection in Terminal Tool Permissions_CVE-2026-44463