VYPR
High severity8.6NVD Advisory· Published May 28, 2026· Updated Jun 3, 2026

CVE-2026-44463

CVE-2026-44463

Description

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior (e.g., PAGER) to execute arbitrary code. This vulnerability is fixed in 0.229.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Zed Industries/Zedinferred2 versions
    <0.229.0+ 1 more
    • (no CPE)range: <0.229.0
    • (no CPE)range: <0.229.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.