CVE-2026-44463
Zed: Allowlist Bypass via Environment Variable Injection in Terminal Tool Permissions
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior (e.g., PAGER) to execute arbitrary code. This vulnerability is fixed in 0.229.0.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Productos afectados
zed-industries · zed¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →