PT-2026-39600 · Canonical+2 · Zed
Lociko
·
Published
2026-05-11
·
Updated
2026-05-28
·
CVE-2026-44465
CVSS v3.1
8.6
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Zed versions prior to 0.227.1
Description
Zed IDE allows Remote Code Execution (RCE) when a user opens a folder in untrusted mode. The issue occurs when a folder contains a malicious
.git/config file that abuses the core.fsmonitor Git configuration option, leading to the execution of arbitrary commands.Recommendations
Update to version 0.227.1.
Exploit
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zed