โ† Back to Dashboard

CVE-2026-44462

MEDIUM NVD
CVSS Score
6.4
Severity
MEDIUM
Source
NVD
Published
May 28, 2026
Description

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash variable expansion chaining (${var@P}), allowing arbitrary command execution under an allowlisted command prefix. This vulnerability is fixed in 0.229.0.

View Full Details โ† Back