CVE-2026-44461
Zed, a modern code editor, has a vulnerability in how it constructs commands for remote development over SSH or WSL (Windows Subsystem for Linux). When opening a terminal in a remote session, Zed builds a shell command that includes environment variables, but it doesn't properly escape or validate the names of those variables. An attacker who can inject a malicious environment variable name—such as through project-level terminal settings—can embed shell commands within that name. When the remote shell executes the command, it interprets these embedded instructions, allowing arbitrary code execution on the remote machine under the user's privileges. The flaw has been patched in version 0.227.1.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 8.6 HIGH · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
- Weaknesses (CWE)
- CWE-78
- Affected products
- 1 configuration(s)
- Published / Modified
- 2026-05-28 / 2026-06-17
NVD description (verbatim)
Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL remote commands as a shell command string that starts with exec env ..., but environment variable keys are inserted without shell quoting or validation. If an attacker can control an environment variable key (for example via project terminal settings), shell expansions in the key (such as $(...)) are evaluated by the remote shell when a terminal is opened. This can lead to arbitrary command execution on the remote host under the victim user's account. This vulnerability is fixed in 0.227.1.
2 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-44461 stems from improper construction of remote shell commands in Zed prior to version 0.227.1. The editor invokes SSH/WSL sessions by building a command string of the form 'exec env ...' and directly interpolates environment variable keys without shell escaping or validation. Since environment variable keys are not quoted or sanitized, an attacker-controlled key containing shell metacharacters and command substitution syntax (e.g., $(malicious_command)) will be evaluated by the remote shell. The attack surface includes project-level terminal environment configuration, which may be attacker-controllable in shared or compromised project repositories. The vulnerability is classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command), a classic OS command injection flaw. The CVSS 3.1 score of 8.6 (HIGH) reflects high impact across confidentiality, integrity, and availability, though exploitation requires user interaction (opening a terminal) and local access to influence project settings.
Business impact
This vulnerability poses a direct threat to developers and security teams using Zed for remote development workflows. A compromised or malicious project repository could silently escalate an attacker's access to remote servers—cloud VMs, on-premises development hosts, or production systems accessed via SSH—simply by poisoning terminal environment variable settings. An attacker gains code execution at the privilege level of the connected user, potentially allowing lateral movement, data exfiltration, or infrastructure compromise. Organizations relying on Zed for secure remote development should treat this as a priority remediation to prevent supply-chain-style attacks through project configuration files.
Affected systems
Zed versions prior to 0.227.1 are vulnerable. The vulnerability affects users performing SSH or WSL remote development sessions, particularly those opening terminals after the editor has loaded a project. The attack surface is expanded if project repositories are shared, cloned from untrusted sources, or stored in version control systems where an attacker has write access. Users of Zed 0.227.1 and later are not affected.
Exploitability
Exploitation requires an attacker to control or modify an environment variable key within a Zed project's terminal settings, and requires the victim to open a terminal session in that project. This necessitates local file system access or repository write access, making opportunistic remote exploitation unlikely. However, the barrier is low in insider threat scenarios, shared development environments, or compromised CI/CD systems that clone repositories. Once triggered, the attack is reliable and grants full command execution capabilities on the remote host.
Remediation
Update Zed to version 0.227.1 or later immediately. This version includes proper shell escaping and validation of environment variable keys, preventing shell metacharacters from being interpreted. For teams unable to update immediately, avoid opening terminals in Zed projects originating from untrusted sources or where project configuration files have been modified by unauthorized parties. Review project-level .zed/settings.json or equivalent configuration files for suspicious environment variable keys containing shell syntax.
Patch guidance
Upgrade to Zed 0.227.1 or later using the editor's built-in update mechanism or by downloading the latest release from the official Zed repository. Verify the patch has been applied by checking the version number in Zed's About dialog or via command line (zed --version). After updating, confirm that existing remote SSH/WSL sessions function normally. No manual configuration changes are required; the fix is transparent to end users.
Detection guidance
Monitor for Zed processes invoking SSH or WSL with unusual environment variable keys. Inspect project configuration files (.zed/settings.json, .zed-settings) for environment variable definitions containing shell metacharacters, command substitution syntax ($(...), backticks), or variable expansion patterns. Log remote SSH/WSL command execution and flag invocations containing eval, bash -c, or similar patterns within environment variable context. On remote systems, audit shell command history and process accounting logs for unexpected commands spawned in association with Zed user sessions.
Why prioritize this
This vulnerability merits urgent patching due to its HIGH severity score, the ease of embedding within project files, and the direct path to remote code execution. Unlike many remote code execution flaws, this one requires no network exploit; it triggers locally when a user opens a project. For organizations where developers use Zed to access sensitive infrastructure, production systems, or shared research environments, the risk of compromise is material.
Risk score, explained
The CVSS 3.1 score of 8.6 reflects HIGH severity. Attack Vector is Local (requiring file system or project access), Attack Complexity is Low (no special conditions needed), Privileges Required is None (the victim's own user privileges suffice), and User Interaction is Required (opening a terminal). The impact is High across Confidentiality, Integrity, and Availability—an attacker gains shell access equivalent to the connected user. Scope is Changed, meaning the impact extends beyond the Zed process itself to the remote system.
Frequently asked questions
Can this be exploited if I just clone a public repository into Zed?
Yes, if the repository contains a malicious .zed/settings.json or similar configuration file with a poisoned environment variable key. Opening a terminal in that project would trigger the vulnerability. Always review project configuration files from untrusted sources before opening terminals.
Do I need to patch if I don't use SSH or WSL remote development?
No. This vulnerability only affects users who open terminals within Zed for remote SSH or WSL sessions. If you use Zed only locally without remote terminal functionality, you are not exposed.
Will updating to 0.227.1 break my existing projects or settings?
No. The patch only changes how environment variable keys are escaped internally. Your projects, settings, and workflows will continue to function normally. The fix is a security hardening that is transparent to users.
What if my organization uses an older version of Zed and can't update immediately?
Restrict project terminal access to known-safe repositories and disable terminal opening in projects with modified or untrusted configuration files. Audit your existing projects for suspicious environment variable keys in settings files. Prioritize upgrading as soon as possible, since the fix is straightforward and carries no breaking changes.
This analysis is based on the official CVE record and vendor advisory for CVE-2026-44461. Security teams should verify patch availability and version numbers against the official Zed project repository before deployment. This vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. No public exploit code is known to exist at the time of publication. Organizations should conduct internal testing of the patch in non-production environments before widespread deployment. SEC.co does not provide legal, compliance, or risk management advice; this analysis is for informational purposes only. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-44463HIGH
CVE-2026-44463: Zed Code Editor Terminal Permission Bypass (CVSS 8.6)
- CVE-2025-41265HIGH
CVE-2025-41265: Waterfall WF-500 TX Host OS Command Injection (CVSS 7.2)
- CVE-2025-41266HIGH
CVE-2025-41266: Waterfall WF-500 TX Host Command Injection Vulnerability Analysis
- CVE-2025-41267HIGH
CVE-2025-41267: Waterfall WF-500 TX Host Command Injection Vulnerability
- CVE-2025-41279HIGH
CVE-2025-41279: OS Command Injection in Waterfall WF-500 RX Host Administration WebUI
- CVE-2025-41281HIGH
CVE-2025-41281: Waterfall WF-500 OS Command Injection | HIGH Severity
- CVE-2025-69755HIGH
CVE-2025-69755: Neterbit NW-431F Router RCE and Data Exposure Vulnerability
- CVE-2026-10214HIGH
CVE-2026-10214: Command Injection in chatgpt-on-wechat Bash Tool