CVE-2026-44466
EUVD-2026-3294028.05.2026, 17:16
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash arithmetic expansion $((...)), allowing execution of arbitrary commands nested inside an allowlisted command like echo. This vulnerability is fixed in 0.229.0.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| zed | zed | 𝑥 < 0.229.0 |
𝑥
= Vulnerable software versions