CVE-2026-44465: Zed IDE Remote Code Execution via Malicious .git/config
Zed, a modern code editor, contains a critical vulnerability that allows attackers to execute arbitrary commands on a user's system. The flaw exists in how Zed handles Git configuration files when opening project folders. Specifically, attackers can craft a malicious .git/config file that abuses Git's core.fsmonitor setting to trigger code execution. When a user opens a folder containing this malicious configuration in untrusted mode, the attacker's commands run with the user's privileges. This is a local attack vector requiring user interaction, but the impact is severe: full system compromise including data theft, modification, and denial of service.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 8.6 HIGH · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
- Weaknesses (CWE)
- CWE-78
- Affected products
- 1 configuration(s)
- Published / Modified
- 2026-05-28 / 2026-06-17
NVD description (verbatim)
Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution (RCE) when a victim open a folder in untrusted mode. This vulnerability is fixed in 0.227.1.
2 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-44465 is a command injection vulnerability in Zed IDE versions prior to 0.227.1. The vulnerability stems from improper validation of the core.fsmonitor Git configuration option within a repository's .git/config file. Git's fsmonitor feature allows specifying a custom file system monitor command, and Zed fails to sanitize this input before execution. An attacker can embed shell metacharacters or arbitrary executables in the core.fsmonitor value; when Zed parses the configuration during folder opening, it executes the attacker-controlled command. The attack succeeds even when the user opens the folder in untrusted mode, suggesting the vulnerability bypasses or exists alongside untrusted mode protections. The underlying issue is classified as CWE-78 (OS Command Injection).
Business impact
Development teams using Zed face immediate risk of supply-chain compromise. An attacker could distribute a public repository or project with a poisoned .git/config, targeting developers who clone and open it. Compromised developer machines become entry points for lateral movement into corporate networks, theft of credentials, source code, and intellectual property. For software vendors, this creates risk that builds or releases could be tampered with if a developer's machine is compromised. Organizations must assume any code committed or built after a developer opened a malicious repository may be tainted. Incident response, forensics, and potential software recalls represent significant business costs.
Affected systems
Zed IDE versions prior to 0.227.1 are vulnerable. The attack requires local file system access (the attacker must place or the user must obtain a malicious .git/config file) combined with user interaction (opening a folder). Users on all operating systems supported by Zed are at risk, as the vulnerability is in Zed's core Git handling logic, not OS-specific. Users running Zed 0.227.1 or later are not affected.
Exploitability
Exploitability is moderate to high. The attack vector is local and requires user interaction, which typically lowers exploitability scores. However, the mechanism of infection—placing a malicious .git/config in a shared repository—is trivial for attackers and highly plausible in real-world scenarios. Developers routinely clone repositories from GitHub, GitLab, and other sources without deep inspection of .git/config files. No special privileges are required on the attacker side; any contributor or account takeover on a public repository suffices. The barrier to weaponization is minimal. The CVSS 3.1 score of 8.6 (HIGH) reflects the severe impact (confidentiality, integrity, and availability all compromised across system boundaries) despite the local attack vector and user interaction requirement.
Remediation
Immediate action: Update Zed to version 0.227.1 or later. Verify the update through official Zed channels (e.g., zed.dev or the official repository) to prevent supply-chain attacks during remediation itself. For users unable to update immediately, workarounds are limited but include: avoiding opening untrusted repositories in Zed until patched, or reviewing .git/config files in any folder before opening it in Zed (inspect core.fsmonitor entries for suspicious content). However, these are not reliable long-term mitigations and should not substitute for patching.
Patch guidance
Zed 0.227.1 addresses this vulnerability. Users should update through Zed's built-in update mechanism if available, or download the latest release from the official Zed website. Verify the version after updating by checking Zed's About dialog or running `zed --version` from the command line. Development teams should enforce minimum version policies through configuration management or lock files if applicable. Consider communicating the patch requirement to all developers in your organization, emphasizing the RCE risk. Rollout should prioritize developers who regularly open external or third-party repositories.
Detection guidance
Review Zed version numbers across your development environment using asset inventory or by querying developer machines. Identify machines running versions prior to 0.227.1. Look for evidence of compromise on machines that opened untrusted repositories: inspect process logs, command history, and shell startup files (.bashrc, .zshrc, etc.) for suspicious commands injected around the time the repository was opened. Monitor Git logs within the repository for unexpected commits or changes. Examine .git/config files in repositories opened on vulnerable Zed versions for unusual core.fsmonitor entries. If a developer opened a repository with a malicious config on a vulnerable Zed version, treat the developer's machine as potentially compromised and initiate incident response procedures.
Why prioritize this
This vulnerability merits immediate attention due to its HIGH CVSS score (8.6), the severe impact of RCE, and the low barrier to exploitation via shared repositories. While local access and user interaction are required, these are easily satisfied in development workflows. The lack of KEV listing does not indicate low priority; rather, vigilance is warranted before widespread exploitation. Development teams are high-value targets for supply-chain attacks, making this vulnerability particularly relevant to security leaders managing developer tool supply chains. Delayed patching increases the window for targeted attacks.
Risk score, explained
The CVSS 3.1 score of 8.6 (HIGH) reflects: Attack Vector (Local) and Attack Complexity (Low) indicate the attack is straightforward once a malicious .git/config reaches the target. Privileges Required (None) and User Interaction (Required) mean any user can be targeted and must only perform a normal action (opening a folder). The impact metrics—Confidentiality, Integrity, and Availability all High—and Scope Change (Changed) indicate the attacker achieves full system compromise affecting resources beyond Zed itself. The score appropriately captures that while the attack requires local presence and user action, the resulting damage is severe and affects the entire system.
Frequently asked questions
Can I safely open untrusted repositories in Zed 0.227.0 or earlier?
No. The vulnerability exists even when opening folders in untrusted mode, so standard Zed safety features do not mitigate this risk. Update to 0.227.1 or later before opening any external or untrusted repositories.
What should I do if my team has already opened external repositories in an older version of Zed?
Treat affected developer machines as potentially compromised. Review the developer's activity logs, check for unexpected processes or network connections around the time they opened the repository, and consider credential rotation for any accounts used on that machine. Consult your incident response team if any suspicious activity is found.
Does this vulnerability affect other code editors or Git tools?
This specific vulnerability is exclusive to Zed IDE and its handling of Git configuration. Other editors like VS Code, Sublime Text, and command-line Git may have similar risks, but they are separate issues. Check advisories for your specific tools.
If I only work with private repositories on GitHub, am I safe?
You are at lower risk, but not zero. The threat depends on how many contributors have access to your private repositories and whether any of their accounts or machines have been compromised. Additionally, if developers clone internal repositories to personal machines or access them outside your organization's network, the risk profile changes. Patching Zed remains the safest course.
This analysis is based on the CVE record and publicly available information as of the publication date. No exploit code or proof-of-concept is provided. Users are responsible for verifying patch availability and compatibility with their environment before deploying updates. Verify all patch version numbers and availability through official Zed channels. This analysis is for informational purposes and does not constitute legal, compliance, or formal security advice. Organizations should conduct their own risk assessment and testing appropriate to their environment. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-44461HIGHZed Remote Code Execution via SSH/WSL Environment Variable Injection
- CVE-2026-44463HIGHZed Code Editor Terminal Permission Bypass (CVSS 8.6)
- CVE-2026-44466HIGHZed Code Editor Terminal Permission Bypass via Bash Arithmetic Expansion
- CVE-2025-41265HIGHWaterfall WF-500 TX Host OS Command Injection (CVSS 7.2)
- CVE-2025-41266HIGHWaterfall WF-500 TX Host Command Injection Vulnerability Analysis
- CVE-2025-41267HIGHWaterfall WF-500 TX Host Command Injection Vulnerability
- CVE-2025-41279HIGHOS Command Injection in Waterfall WF-500 RX Host Administration WebUI
- CVE-2025-41281HIGHWaterfall WF-500 OS Command Injection