CVE-2026-44462
Zed is a popular code editor that includes a terminal tool with permission controls meant to restrict which commands can be executed. Prior to version 0.229.0, an attacker could bypass these restrictions by chaining bash variable expansion syntax—specifically the ${var@P} expansion—to execute arbitrary commands even when they appeared to violate the allowed command prefix rules. This requires user interaction (opening a malicious project or terminal configuration) but grants the attacker code execution within the editor's process context.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 6.4 MEDIUM · CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
- Weaknesses (CWE)
- CWE-184
- Affected products
- 1 configuration(s)
- Published / Modified
- 2026-05-28 / 2026-06-17
NVD description (verbatim)
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash variable expansion chaining (${var@P}), allowing arbitrary command execution under an allowlisted command prefix. This vulnerability is fixed in 0.229.0.
1 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-44462 exploits improper input validation in Zed's terminal tool permission enforcement mechanism. The vulnerability lies in how the editor validates commands against an allowlist of permitted command prefixes. By leveraging bash parameter expansion with the @P operator, an attacker can construct a command string that passes the prefix validation check but resolves to arbitrary shell commands at execution time. The @P operator performs quote removal and expansion in a way that circumvents simple string-prefix matching. This is classified as CWE-184 (Improper Validation of Specified Quantity in Input), reflecting the inadequate filtering of shell metacharacters and expansion syntax. The fix in 0.229.0 implements stricter validation that accounts for bash expansion chains before command execution.
Business impact
For development teams using Zed, this vulnerability poses a supply-chain and insider-threat risk. If a malicious or compromised project repository includes a .zed/settings.json or similar configuration that exploits this flaw, any team member who opens that project in a vulnerable version of Zed could have arbitrary code executed in their terminal context. This could lead to credential theft, source-code exfiltration, or lateral movement within the organization's network. The impact is amplified in collaborative environments where developers frequently onboard new projects from external sources or untrusted repositories.
Affected systems
Zed versions prior to 0.229.0 are affected. The vulnerability requires the user to interact with the editor and trigger the terminal tool, typically by opening a project with malicious terminal configurations or executing a pre-configured command. Zed users on all supported platforms (macOS, Linux, Windows) running versions before 0.229.0 should be considered at risk if they work with untrusted project configurations.
Exploitability
The exploit requires user interaction—specifically, the user must open a project or configuration that contains the malicious bash expansion syntax. An attacker cannot remotely trigger the vulnerability without first getting a target to load a malicious Zed project or configuration file. However, once loaded, the attack is reliable and does not require complex setup. The CVSS vector (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L) reflects these constraints: network-accessible attack surface, high complexity (bash expansion knowledge required), no privilege requirement, required user interaction, and high confidentiality impact with lower integrity and availability impacts.
Remediation
Update Zed to version 0.229.0 or later immediately. There are no known workarounds for earlier versions other than avoiding the opening of untrusted project configurations and restricting terminal tool access via editor preferences if available. Teams should audit any shared .zed configuration files in version control to ensure they do not contain suspicious or unexplained terminal commands.
Patch guidance
Download and install Zed 0.229.0 or the latest stable release from the official Zed website or your package manager. The update should be straightforward as a standard editor upgrade. Verify the update by checking Help > About or the editor's version indicator. No configuration migration or data loss is expected. Test terminal tool functionality after the upgrade to confirm normal operation.
Detection guidance
Monitor for suspicious bash parameter expansion sequences (${...@P}, ${...@Q}, ${...@E}) in .zed configuration files, settings.json, or terminal command histories. Log terminal invocations from within Zed and look for commands that differ significantly from the declared allowlist. Endpoint detection and response (EDR) tools should flag unexpected child processes spawned by the Zed process, especially those accessing credential stores or executing network connections. Check for unexpected modifications to project-level or user-level Zed configurations in version control commit logs.
Why prioritize this
Although CVE-2026-44462 carries a MEDIUM CVSS score, it merits prompt attention due to its exploitation of trust boundaries in development environments. The vulnerability could serve as an entry point for supply-chain attacks or insider threats targeting source code and credentials. Development teams are high-value targets, and the barrier to exploitation is relatively low for an attacker with knowledge of bash internals. Organizations with strict code-review and repository-governance policies can reduce but not eliminate risk, making patching essential.
Risk score, explained
The CVSS 3.1 score of 6.4 reflects moderate severity with a bias toward confidentiality impact. The high-complexity (AC:H) rating acknowledges that successful exploitation requires knowledge of bash variable expansion and the ability to craft a malicious configuration. The required-user-interaction (UI:R) component reflects the need for a user to open a project containing the payload. However, the high confidentiality impact (C:H) is warranted because once execution is achieved, the attacker can read sensitive files and credentials accessible to the user. The low integrity and availability impacts (I:L, A:L) reflect that the primary goal of such an attack is reconnaissance and data theft rather than system destruction.
Frequently asked questions
Does this vulnerability require special privileges or local access?
No. The vulnerability can be triggered by any user opening a project with a malicious Zed configuration file. An attacker does not need system administrator rights or prior access to the target machine—only the ability to get the target to open a crafted .zed configuration, which can be distributed via git repositories, zip files, or shared drives.
Can the vulnerability be exploited without user interaction?
No. A user must actively open a Zed project or configuration containing the malicious bash expansion payload. However, this interaction is trivial in collaborative development scenarios where teams routinely clone and open shared repositories.
Are there any known public exploits for this vulnerability?
There is no evidence of active exploitation in the wild at the time of this analysis. However, the attack is straightforward enough that security researchers and malicious actors could develop proof-of-concept code once the vulnerability details are public. Prompt patching is critical.
Does the vulnerability affect Zed's core editing functionality?
No. The vulnerability is isolated to the terminal tool feature and its permission system. Users who do not use the integrated terminal or who use only allowlisted, safe commands are at lower immediate risk, but updating is still strongly recommended.
This analysis is provided for informational purposes and reflects publicly available information about CVE-2026-44462 as of the publication date. Security researchers and organizations should verify all technical details against official vendor advisories and patch release notes before making deployment decisions. No exploit code or weaponized proof-of-concept instructions are provided in this document. Patch availability, version numbers, and remediation steps should be confirmed directly with the Zed project maintainers. Organizations are responsible for assessing the risk and impact of this vulnerability within their own environment and applying patches according to their change-management and testing protocols. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-44463HIGH
CVE-2026-44463: Zed Code Editor Terminal Permission Bypass (CVSS 8.6)
- CVE-2026-44287MEDIUM
CVE-2026-44287: FastGPT JavaScript Sandbox Bypass and RCE (CVSS 6.3)
- CVE-2026-44461HIGH
CVE-2026-44461: Zed Remote Code Execution via SSH/WSL Environment Variable Injection
- CVE-2018-25384MEDIUM
CVE-2018-25384: Stored XSS in Wikidforum 2.20 Allows Authenticated Attackers to Inject Malicious Scripts
- CVE-2018-25387MEDIUM
CVE-2018-25387: HaPe PKH 1.1 Cross-Site Request Forgery (CSRF) Admin Password Reset
- CVE-2018-25393MEDIUM
CVE-2018-25393: Navigate CMS 2.8.5 Path Traversal Vulnerability (CVSS 6.5)
- CVE-2018-25397MEDIUM
CVE-2018-25397: CSRF Vulnerability in PHP-SHOP 1.0 – Admin Account Injection
- CVE-2018-25421MEDIUM
CVE-2018-25421: Open STA Manager 2.3 Path Traversal File Download Vulnerability