CVE-2026-44463
HIGH NVDCVSS Score
8.6
Severity
HIGH
Source
NVD
Published
May 28, 2026
Description
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior (e.g., PAGER) to execute arbitrary code. This vulnerability is fixed in 0.229.0.