Zed · Zed · CVE-2025-68433
**Name of the Vulnerable Software and Affected Versions**
Zed versions prior to 0.218.2-pre
**Description**
The Zed IDE is susceptible to arbitrary code execution through maliciously crafted Model Context Protocol (MCP) configurations. These configurations, found in the `settings.json` file within a project’s `.zed` subdirectory, can contain arbitrary shell commands. These commands execute on the host system with the privileges of the user running the IDE, potentially triggered automatically upon opening a project. The vulnerability stems from the IDE loading MCP configurations without proper validation.
**Recommendations**
Versions prior to 0.218.2-pre should be updated to version 0.218.2-pre or later.
Carefully review the contents of project settings files (`.zed/settings.json`) before opening new projects in Zed.
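A pre-open check that implements the second recommendation, as an added example that is not part of the advisory and not Zed's own code: it parses a project's `.zed/settings.json` and lists every MCP server entry that would cause a process to be spawned, so the reviewer sees the command lines before the IDE runs them. The key names it looks for (`context_servers`, a `command` that is either a string or an object with `path`/`args`/`env`) and the tolerance for `//` comments in the settings file are assumptions about Zed's settings format, not facts taken from the advisory; the sample settings document is constructed.

```python
"""Pre-open review of a Zed project's .zed/settings.json for MCP entries that spawn processes.

Added example; the section/key names below are assumptions about Zed's settings
schema, not taken from the advisory.
"""
import json
import pathlib

# Assumed names of the settings sections that hold MCP server definitions.
MCP_SECTION_KEYS = ("context_servers", "mcp_servers")


def strip_line_comments(text: str) -> str:
    """Drop // comments that sit outside string literals (settings files are assumed to allow them)."""
    out, in_str, escape, i = [], False, False, 0
    while i < len(text):
        ch = text[i]
        if in_str:
            out.append(ch)
            if escape:
                escape = False
            elif ch == "\\":
                escape = True
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
            out.append(ch)
        elif text.startswith("//", i):
            nl = text.find("\n", i)      # skip to end of line, keep the newline
            if nl == -1:
                break
            i = nl
            continue
        else:
            out.append(ch)
        i += 1
    return "".join(out)


def find_spawning_servers(settings: dict) -> list:
    """Return one finding per MCP server entry that defines a command to execute."""
    findings = []
    for section in MCP_SECTION_KEYS:
        servers = settings.get(section)
        if not isinstance(servers, dict):
            continue
        for name, spec in servers.items():
            if not isinstance(spec, dict):
                continue
            cmd = spec.get("command")
            if isinstance(cmd, dict):   # assumed nested form: "command": {"path": ..., "args": [...]}
                path, args, env = cmd.get("path"), cmd.get("args", []), cmd.get("env", {})
            else:                       # assumed flat form: "command": "...", "args": [...]
                path, args, env = cmd, spec.get("args", []), spec.get("env", {})
            if not isinstance(path, str):
                continue                # URL-only or malformed entries spawn nothing locally
            findings.append({
                "section": section,
                "server": name,
                "command": path,
                "args": list(args) if isinstance(args, list) else [],
                "env": dict(env) if isinstance(env, dict) else {},
            })
    return findings


def check_settings_text(text: str) -> list:
    """Parse raw settings text (comments allowed) and report spawning MCP entries."""
    return find_spawning_servers(json.loads(strip_line_comments(text)))


def check_project(project_dir) -> list:
    """Report spawning MCP entries for a project directory; no settings file means no findings."""
    settings_path = pathlib.Path(project_dir) / ".zed" / "settings.json"
    if not settings_path.is_file():
        return []
    return check_settings_text(settings_path.read_text(encoding="utf-8"))


# Constructed sample: one nested-form entry, one flat-form entry, one URL-only entry.
SAMPLE_SETTINGS = """{
  // constructed sample settings, not a real project file
  "context_servers": {
    "docs-helper": {
      "command": { "path": "npx", "args": ["-y", "some-mcp-server"], "env": {"TOKEN": "x"} }
    },
    "local-tool": { "command": "/usr/local/bin/tool", "args": ["--serve"] },
    "remote-only": { "url": "http://127.0.0.1:8000/mcp" }
  }
}"""

if __name__ == "__main__":
    for f in check_settings_text(SAMPLE_SETTINGS):
        print(f"[{f['section']}] {f['server']}: {f['command']} {' '.join(f['args'])}")
```

Run it against a freshly cloned repository (`check_project(path)`) before opening that path in Zed; any entry it lists is a command the IDE would run with your privileges, and an unexpected one is reason not to open the project until the file has been read in full.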