ГлавнаяУязвимости → CVE-2026-44463
8.6высокая

CVE-2026-44463

Описание

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior (e.g., PAGER) to execute arbitrary code. This vulnerability is fixed in 0.229.0.

Затрагиваемое ПО
Zed Zed
CVSS
Балл8.6 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Источники
https://github.com/zed-industries/zed/security/advisories/GHSA-c3g6-c3ff-69cg