CVE-2026-25805

Name of the Vulnerable Software and Affected Versions Zed versions prior to 0.219.4

Description Zed, a multiplayer code editor, does not display the parameters used when invoking a tool, both during the allowance request and after invocation. This lack of visibility could allow the use of unwanted or malicious values without the user’s knowledge. The issue concerns tool call details and the potential for tool poisoning.

Recommendations Update to version 0.219.4 or later to benefit from expandable tool call details.