CVE-2026-44463 · EPSS p11.0%

zed / zed

Description

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior (e.g., PAGER) to execute arbitrary code. This vulnerability is fixed in 0.229.0.

Scoring

CVSS 8.6
Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS 0.21% probability of exploitation · percentile 11.0% · 2026-06-19T12:03:05Z
Last modified 2026-06-03

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-44462
CVE-2026-44466
CVE-2026-44461
CVE-2026-44465
CVE-2026-25805
CVE-2026-27976
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.