CVE-2026-44461
Description
Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL remote commands as a shell command string that starts with exec env ..., but environment variable keys are inserted without shell quoting or validation. If an attacker can control an environment variable key (for example via project terminal settings), shell expansions in the key (such as $(...)) are evaluated by the remote shell when a terminal is opened. This can lead to arbitrary command execution on the remote host under the victim user's account. This vulnerability is fixed in 0.227.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unquoted environment variable keys in SSH/WSL remote command building allow attackers to inject arbitrary shell commands in the remote terminal.
Vulnerability
Zed versions prior to 0.227.1 construct SSH and WSL remote terminal commands as a shell command string beginning with exec env .... While environment variable values are shell-quoted, the variable keys are inserted without any shell quoting or validation. This affects SSH remote projects and WSL remote targets. If an attacker can control an environment variable key—for example via project terminal settings that merge into the terminal environment—a malicious key containing shell expansions, such as ZED$(malicious_command), will be evaluated by the remote shell when a terminal is opened. The vulnerability was present in version 0.225.9 and all earlier versions up to the fix [1].
Exploitation
An attacker requires the ability to influence the environment variable keys used in a remote terminal session. In practice, this can be achieved by configuring project terminal settings, which are merged into the terminal environment and later passed to the remote command builder [1]. No network-level access or authentication bypass is needed if the attacker can modify the project settings (e.g., by contributing to a shared project or through a supply-chain compromise). The attack does not require user interaction beyond opening a remote terminal in the affected project.
Impact
Successful exploitation leads to arbitrary command execution on the remote host under the victim user's account. The injected shell commands run with the same privileges as the user who opens the remote terminal, enabling the attacker to execute code, exfiltrate data, or persist access on the remote host [1]. This constitutes a high-severity OS command injection (CWE-78).
Mitigation
The vulnerability is fixed in Zed version 0.227.1, released on an unspecified date [1]. Users should update to this version or later. No workaround is documented; users are advised to avoid opening remote terminal sessions in projects where untrusted users may control environment variable keys [1]. The CVE is not listed in the CISA Known Exploited Vulnerabilities catalog as of the publication date.
AI Insight generated on May 28, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Two affected entries (no CPE assigned), both with version range <0.227.1.
Patches
Commit 19f9b707d39d6 (v0.227.x stable), 1 file changed · +1 −1
crates/zed/RELEASE_CHANNEL+1 −1 modified@@ -1 +1 @@ -preview \ No newline at end of file +stable \ No newline at end of file
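Review bot: this hunk only flips `crates/zed/RELEASE_CHANNEL` from `preview` to `stable`; it contains none of the environment-key validation in the SSH and WSL command builders (`crates/remote/src/transport/ssh.rs`, `crates/remote/src/transport/wsl.rs`) that the fix description on this page attributes to 0.227.1, so it is the release-channel bump for the v0.227.x branch rather than the security change itself. The advisory's patch reference should point at the commit that adds the key validation, otherwise readers auditing the fix will find a one-word channel change and no code.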
Vulnerability mechanics
Root cause
"Missing shell quoting or validation of environment variable keys when building remote shell command strings allows shell expansions in keys to be evaluated."
Attack vector
An attacker who can control an environment variable key (for example via a malicious project's `.zed/settings.json` file setting `terminal.env`) can inject shell metacharacters such as `$(...)` into the key name [ref_id=1]. When Zed opens a remote SSH or WSL terminal, it constructs a command string like `exec env KEY=VALUE program args...` where the key is written directly without quoting [ref_id=1]. The remote shell evaluates the command substitution in the key before `exec env` runs, achieving arbitrary command execution on the remote host under the victim user's account [ref_id=1]. The attack requires the victim to open a remote project in Zed and launch a terminal, but no authentication or special privileges beyond that user interaction are needed (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
Affected code
The vulnerability exists in the SSH remote command builder (`crates/remote/src/transport/ssh.rs` lines 1612-1620) and the WSL remote command builder (`crates/remote/src/transport/wsl.rs` lines 445-453) [ref_id=1]. The relevant logic writes `exec env KEY=VALUE ...` where the key is inserted without shell quoting or validation [ref_id=1]. The reachable path flows from project terminal settings (`crates/terminal/src/terminal_settings.rs` lines 34, 79-85, 101) through the remote terminal caller (`crates/project/src/terminals.rs` lines 541-554, 621-626) into `build_command(...)` [ref_id=1].
What the fix does
The patch [patch_id=2961926] fixes the issue by validating environment variable keys against a strict identifier pattern before they are interpolated into the shell command string. Keys that do not match the expected pattern (e.g., those containing `$`, backticks, semicolons, spaces, or `=`) are rejected. This approach is preferred over shell-specific quoting because environment variable names have a narrow valid character set, making validation simpler and less error-prone than escaping arbitrary key strings [ref_id=1]. The fix is applied in the SSH POSIX command builder and WSL command builder paths, and was released in Zed v0.227.1 [ref_id=1].
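The following is an added illustration of the approach described above, not Zed's own code: a vulnerable `exec env` string builder that quotes values but writes keys verbatim, beside a hardened builder that rejects any key not matching the POSIX identifier pattern `[A-Za-z_][A-Za-z0-9_]*`. All function names are hypothetical.

```rust
// Added example (not Zed's code); function names are hypothetical.

/// A POSIX environment variable name: [A-Za-z_][A-Za-z0-9_]*
fn is_valid_env_key(key: &str) -> bool {
    let mut chars = key.chars();
    match chars.next() {
        Some(c) if c.is_ascii_alphabetic() || c == '_' => {}
        _ => return false, // empty, digit-first, or punctuation-first
    }
    chars.all(|c| c.is_ascii_alphanumeric() || c == '_')
}

/// Single-quote a value for a POSIX shell; an embedded ' becomes '\''.
fn shell_quote(s: &str) -> String {
    format!("'{}'", s.replace('\'', "'\\''"))
}

/// Vulnerable builder: values are quoted, but keys are interpolated
/// verbatim, so `$(...)` inside a key is expanded by the remote shell.
fn build_command_unsafe(env: &[(&str, &str)], program: &str, args: &[&str]) -> String {
    let mut cmd = String::from("exec env");
    for (k, v) in env {
        cmd.push_str(&format!(" {}={}", k, shell_quote(v)));
    }
    cmd.push(' ');
    cmd.push_str(&shell_quote(program));
    for a in args {
        cmd.push(' ');
        cmd.push_str(&shell_quote(a));
    }
    cmd
}

/// Hardened builder: reject any key that is not a plain identifier
/// before it can reach the shell command string.
fn build_command(env: &[(&str, &str)], program: &str, args: &[&str]) -> Result<String, String> {
    if let Some((k, _)) = env.iter().find(|(k, _)| !is_valid_env_key(k)) {
        return Err(format!("invalid environment variable name: {:?}", k));
    }
    Ok(build_command_unsafe(env, program, args))
}

fn main() {
    let env = [("ZED$(malicious_command)", "1")]; // constructed hostile key
    println!("unsafe: {}", build_command_unsafe(&env, "bash", &["-l"]));
    println!("safe:   {:?}", build_command(&env, "bash", &["-l"]));
}
```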
Preconditions
- (config) Victim must open a remote SSH or WSL project in Zed
- (input) Attacker must be able to control an environment variable key, e.g. via a malicious `.zed/settings.json` file in the project
- (input) Victim must open a new integrated terminal in the remote project
- (config) Remote host must use a POSIX shell (e.g. /bin/bash)
Reproduction
1. Open a remote SSH project in Zed v0.225.9 (not a local folder) on a remote host using a POSIX shell.
2. Create `.zed/settings.json` in the project root with: `{"terminal": {"env": {"ZED$(touch /tmp/zed_remote_env_key_injection)": "1"}}}`.
3. Close existing terminal tabs and open a new integrated terminal in the remote project.
4. Verify: `ls -l /tmp/zed_remote_env_key_injection` should show the file was created, proving command execution [ref_id=1].
Generated on May 28, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (1)
News mentions (0)