CVE-2026-44463
Zed: Allowlist Bypass via Environment Variable Injection in Terminal Tool Permissions
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior (e.g., PAGER) to execute arbitrary code. This vulnerability is fixed in 0.229.0.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Produtos afetados
zed-industries · zedQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →