PT-2026-22049 · Zed · Zed

Yueyuel · Published 2026-02-25 · Updated 2026-03-05 · CVE-2026-27967

CVSS v3.1: 7.1 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Zed versions prior to 0.225.9

Description

A symlink escape issue exists in Zed, a code editor, within the Agent file tools (read file, edit file). It allows reading and writing files outside the project directory when the project contains symbolic links pointing to external paths. This bypasses the intended workspace boundary and privacy protections (file scan exclusions, private files), potentially exposing sensitive user data to the LLM.

Recommendations

Update to version 0.225.9 or later.
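
The lexical-versus-resolved distinction behind this class of issue, as an added example (not code from Zed or from this advisory): a check that only inspects path components accepts a path through an in-project symlink, while one that canonicalizes first rejects it. The function names, the sample directory layout and the Unix-only symlink call are assumptions made for the illustration.

```rust
use std::fs;
use std::io;
use std::path::{Component, Path, PathBuf};

// Lexical check: rejects `..` and absolute paths but never touches the
// filesystem, so a path through an in-project symlink still passes.
fn lexically_inside(rel: &Path) -> bool {
    rel.components().all(|c| matches!(c, Component::Normal(_) | Component::CurDir))
}

// Symlink-aware check: resolve root and target, then compare real paths.
fn resolve_inside(root: &Path, rel: &Path) -> io::Result<PathBuf> {
    let root = fs::canonicalize(root)?;
    let real = fs::canonicalize(root.join(rel))?;
    if real.starts_with(&root) {
        Ok(real)
    } else {
        Err(io::Error::new(io::ErrorKind::PermissionDenied, "resolves outside project"))
    }
}

// Constructed sample layout (Unix only): project/notes.txt,
// outside/secret.txt, and project/link -> outside.
#[cfg(unix)]
fn build_sample(tag: &str) -> io::Result<PathBuf> {
    let base = std::env::temp_dir().join(format!("symlink-demo-{}-{}", tag, std::process::id()));
    let _ = fs::remove_dir_all(&base);
    fs::create_dir_all(base.join("project"))?;
    fs::create_dir_all(base.join("outside"))?;
    fs::write(base.join("project/notes.txt"), "in project")?;
    fs::write(base.join("outside/secret.txt"), "outside project")?;
    std::os::unix::fs::symlink(base.join("outside"), base.join("project/link"))?;
    Ok(base)
}

#[cfg(unix)]
fn main() -> io::Result<()> {
    let base = build_sample("main")?;
    let root = base.join("project");
    for rel in ["notes.txt", "link/secret.txt"] {
        let verdict = resolve_inside(&root, Path::new(rel)).map(|_| "allowed").map_err(|e| e.kind());
        println!("{rel}: lexical={} resolved={verdict:?}", lexically_inside(Path::new(rel)));
    }
    fs::remove_dir_all(&base)
}
```

`fs::canonicalize` requires the target to exist, so a write path that creates new files would canonicalize the parent directory instead. The check also does not close the window between resolving the path and opening the file.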

Exploit

Fix

Link Following

Weakness Enumeration

Related Identifiers

CVE-2026-27967
GHSA-786M-X2VC-5235

Affected Products

Zed