CVE-2026-44463
Zed, a modern code editor, contains a security flaw in how it controls which programs can run in the integrated terminal. An attacker can bypass these permission restrictions by sneaking environment variable assignments into commands that are supposed to be allowed. By manipulating variables like PAGER, an attacker can redirect the editor to run malicious code when it attempts to display output. This affects Zed versions before 0.229.0 and is resolved in that release.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 8.6 HIGH · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
- Weaknesses (CWE)
- CWE-184, CWE-78
- Affected products
- 1 configuration(s)
- Published / Modified
- 2026-05-28 / 2026-06-17
NVD description (verbatim)
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior (e.g., PAGER) to execute arbitrary code. This vulnerability is fixed in 0.229.0.
1 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-44463 exploits insufficient validation in Zed's terminal tool permission enforcement mechanism. The vulnerability stems from the failure to properly sanitize command-line input before execution. An attacker can prepend environment variable assignments (e.g., PAGER=/path/to/malicious/script) to allowlisted terminal commands, causing the editor to execute arbitrary code with the privileges of the user running Zed. The flaw combines improper input handling (CWE-184) with OS command injection (CWE-78), allowing full circumvention of the intended security model.
Business impact
This vulnerability enables local attackers to achieve arbitrary code execution on developer workstations running Zed. In a software development environment, compromised developer machines can lead to supply chain attacks, theft of source code, unauthorized access to credentials stored in the editor or shell history, and injection of malicious code into repositories. Organizations using Zed as their primary editor face elevated risk if their development teams work on sensitive or customer-facing projects.
Affected systems
Zed versions prior to 0.229.0 are vulnerable. The flaw affects all platforms on which Zed runs (Linux, macOS, Windows) since the terminal permission system is platform-independent. Users running Zed 0.229.0 or later are not affected. The vulnerability requires local access to the affected system; it cannot be exploited remotely.
Exploitability
Exploitation requires local access and user interaction—the victim must invoke or use a Zed terminal command that is whitelisted. The attack vector is local and does not require elevated privileges to initiate. Once a user opens the terminal or runs a monitored command, an attacker with shell access or malicious script injection capability can craft a payload that bypasses the permission system. The CVSS score of 8.6 (HIGH) reflects the high impact (complete confidentiality, integrity, and availability compromise) despite the local and user-interaction requirements.
Remediation
Update Zed to version 0.229.0 or later. This release patches the terminal permission validation logic to properly reject or isolate environment variable assignments in command input. Users should verify their installed version and apply the update through Zed's built-in update mechanism or by downloading the latest release from the official Zed repository. No workarounds are available for earlier versions; patching is the only remediation.
Patch guidance
Visit the Zed GitHub repository or official download page and download version 0.229.0 or the latest stable release. Most installations support in-app updates; check the Help or Settings menu for an update option. Verify the patch by confirming the version number in Zed's About dialog or via the command line (zed --version). Coordinate patching with your development team to ensure continuity; the patch does not require special configuration changes.
Detection guidance
Monitor for suspicious environment variable assignments in shell history or terminal command logs on systems running Zed versions before 0.229.0. Look for patterns such as PAGER=, LD_PRELOAD=, or similar environment hijacking attempts in terminal input. Review Zed's terminal command logs if available. Alert on instances where Zed spawns child processes with unusual environment variables. Endpoint detection and response (EDR) tools should flag unexpected code execution originating from Zed processes, particularly spawning shells or interpreters.
Why prioritize this
This vulnerability merits HIGH priority due to its impact on developer workstations, the critical role of the development environment in organizational security, and the ease of exploitation for local attackers. The LOCAL attack vector and USER interaction requirement reduce urgency compared to remote exploits, but the CRITICAL impact (arbitrary code execution with full system compromise) and high CVSS score (8.6) justify rapid patching. Organizations should prioritize Zed instances in their patch schedules, particularly on machines handling sensitive code or credentials.
Risk score, explained
The CVSS 3.1 score of 8.6 reflects: LOCAL attack vector (requires system access), LOW attack complexity (straightforward exploitation via environment variables), NO privileges required, USER interaction necessary (user must invoke the terminal), CHANGED scope (compromise extends beyond Zed itself to the underlying system), and HIGH impact across confidentiality, integrity, and availability. The score appropriately captures the threat posed by reliable local code execution on developer systems, though it does not account for supply chain or downstream compromise risk, which may elevate real-world concern.
Frequently asked questions
What versions of Zed are vulnerable?
All versions prior to 0.229.0 are vulnerable. Zed 0.229.0 and later include the security fix. Check your installed version via Zed's About dialog or by running 'zed --version' from the command line.
Can this vulnerability be exploited remotely?
No. The attack vector is LOCAL, meaning an attacker must have access to the same system running Zed. Remote attackers cannot exploit this flaw directly, though a compromised development machine could serve as a pivot point for further attacks.
What happens if I update Zed to 0.229.0?
The terminal permission validation system is strengthened to reject environment variable assignments prepended to allowlisted commands. You should experience no change in normal editor functionality; only the malicious bypass is prevented. No configuration changes are required.
How can I tell if my organization has been exploited?
Review shell history and terminal logs on developer machines running older Zed versions for signs of environment variable hijacking (PAGER=, LD_PRELOAD=, etc.). Check for unexpected child processes spawned by Zed. If you have EDR tools, query for unusual Zed process behavior. If compromise is suspected, engage your incident response team.
This analysis is based on the official CVE record and vendor advisory. Security teams should verify all patch version numbers and remediation steps against the official Zed release notes and GitHub repository. The information provided is current as of the publication date; consult official sources for the latest guidance. No exploit code or proof-of-concept is provided. Organizations should conduct internal testing of patches in non-production environments before broad deployment. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-44461HIGH
CVE-2026-44461: Zed Remote Code Execution via SSH/WSL Environment Variable Injection
- CVE-2026-44462MEDIUM
CVE-2026-44462: Zed Terminal Permission Bypass via Bash Variable Expansion
- CVE-2025-41265HIGH
CVE-2025-41265: Waterfall WF-500 TX Host OS Command Injection (CVSS 7.2)
- CVE-2025-41266HIGH
CVE-2025-41266: Waterfall WF-500 TX Host Command Injection Vulnerability Analysis
- CVE-2025-41267HIGH
CVE-2025-41267: Waterfall WF-500 TX Host Command Injection Vulnerability
- CVE-2025-41279HIGH
CVE-2025-41279: OS Command Injection in Waterfall WF-500 RX Host Administration WebUI
- CVE-2025-41281HIGH
CVE-2025-41281: Waterfall WF-500 OS Command Injection | HIGH Severity
- CVE-2025-69755HIGH
CVE-2025-69755: Neterbit NW-431F Router RCE and Data Exposure Vulnerability