Zed: Allowlist Bypass via Bash Arithmetic Expansion in Terminal Tool...

8.6 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Description

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash arithmetic expansion $((...)), allowing execution of arbitrary commands nested inside an allowlisted command like echo. This vulnerability is fixed in 0.229.0.

AI Analysis

Allowlist bypass via bash arithmetic expansion in terminal tool permissions

Basic Information

ID CVE-2026-44466

Source GitHub_M

Published May 28, 2026 at 16:16

Affected Product

Vendor zed-industries

Product zed

Version < 0.229.0

Affected Versions zed-industries zed < 0.229.0

CWE Classification

CWE-78

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor zed-industries

Product Zed

Version < 0.229.0

References

github.com /zed-industries/zed/security/advisories/GHSA-c99f-97vf-4h5h

{
    "lastseen": "",
    "description": "Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash arithmetic expansion $((...)), allowing execution of arbitrary commands nested inside an allowlisted command like echo. This vulnerability is fixed in 0.229.0.",
    "published": "2026-05-28T16:16:05.409Z",
    "modified": "2026-05-28T16:16:05.409Z",
    "type": "cve",
    "title": "Zed: Allowlist Bypass via Bash Arithmetic Expansion in Terminal Tool Permissions",
    "source": "GitHub_M",
    "references": "https://github.com/zed-industries/zed/security/advisories/GHSA-c99f-97vf-4h5h",
    "id": "CVE-2026-44466",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "zed-industries zed < 0.229.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "zed",
    "version": "< 0.229.0",
    "vendor": "zed-industries",
    "ai_description": "Allowlist bypass via bash arithmetic expansion in terminal tool permissions",
    "ai_severity": "High",
    "ai_vendor": "zed-industries",
    "ai_product": "Zed",
    "ai_version": "< 0.229.0",
    "ai_score": 8.6
}

Zed: Allowlist Bypass via Bash Arithmetic Expansion in Terminal Tool Permissions_CVE-2026-44466