By weakness (CWE)
CWE-78: related vulnerabilities
CVEs classified under CWE-78. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
4 published vulnerabilities
- CVE-2026-44461HIGH 8.6
Zed, a modern code editor, has a vulnerability in how it constructs commands for remote development over SSH or WSL (Windows Subsystem for Linux). When opening a terminal in a remote session, Zed builds a shell command that includes environment variables, but it doesn't properly escape or validate the names of those variables. An attacker who can inject a malicious environment variable name—such as through project-level terminal settings—can embed shell commands within that name. When the remote shell executes the command, it interprets these embedded instructions, allowing arbitrary code execution on the remote machine under the user's privileges. The flaw has been patched in version 0.227.1.
- CVE-2026-44463HIGH 8.6
Zed, a modern code editor, contains a security flaw in how it controls which programs can run in the integrated terminal. An attacker can bypass these permission restrictions by sneaking environment variable assignments into commands that are supposed to be allowed. By manipulating variables like PAGER, an attacker can redirect the editor to run malicious code when it attempts to display output. This affects Zed versions before 0.229.0 and is resolved in that release.
- CVE-2026-45322HIGH 7.8
Microsoft's UFO framework, an open-source tool for automating tasks across devices, contains a command injection flaw in its shell execution component. An attacker with write access to UFO's session files can embed malicious system commands that execute with the privileges of the UFO process when a session is resumed or replayed. This creates a local privilege escalation risk in environments where session files may be accessible or shared.
- CVE-2026-44604HIGH 7.0
A flaw in RPM's archive extraction tool allows an attacker to run arbitrary commands on a system by crafting a malicious archive with shell metacharacters embedded in its folder name. When a user extracts such an archive using the rpmuncompress utility, the unsanitized folder name is passed directly into a shell command, enabling code execution with the privileges of the extracting user. The vulnerability affects ZIP, 7z, and GEM archive formats.