CVE-2026-44463

HIGH NVD

CVSS Score 8.6

Severity HIGH

Published May 28, 2026

Vendor unknown

Description

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior (e.g., PAGER) to execute arbitrary code. This vulnerability is fixed in 0.229.0.

References

https://github.com/zed-industries/zed/security/advisories/GHSA-c3g6-c3ff-69cg