{"api_version":"1","generated_at":"2026-06-03T19:46:48+00:00","cve":"CVE-2026-44463","urls":{"html":"https://cve.report/CVE-2026-44463","api":"https://cve.report/api/cve/CVE-2026-44463.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-44463","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-44463"},"summary":{"title":"Zed: Allowlist Bypass via Environment Variable Injection in Terminal Tool Permissions","description":"Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior (e.g., PAGER) to execute arbitrary code. This vulnerability is fixed in 0.229.0.","state":"PUBLISHED","assigner":"GitHub_M","published_at":"2026-05-28 17:16:29","updated_at":"2026-06-03 01:11:27"},"problem_types":["CWE-78","CWE-184","CWE-184 CWE-184: Incomplete List of Disallowed Inputs","CWE-78 CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"security-advisories@github.com","type":"Secondary","score":"8.6","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"8.6","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":8.6,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://github.com/zed-industries/zed/security/advisories/GHSA-c3g6-c3ff-69cg","name":"https://github.com/zed-industries/zed/security/advisories/GHSA-c3g6-c3ff-69cg","refsource":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-44463","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44463","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"zed-industries","product":"zed","version":"affected < 0.229.0","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2026","cve_id":"44463","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"zed","cpe5":"zed","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"44463","cve":"CVE-2026-44463","epss":"0.000310000","percentile":"0.092390000","score_date":"2026-06-02","updated_at":"2026-06-03 00:08:17"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-44463","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-05-29T03:56:00.411369Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-05-29T15:15:34.090Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"zed","vendor":"zed-industries","versions":[{"status":"affected","version":"< 0.229.0"}]}],"descriptions":[{"lang":"en","value":"Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior (e.g., PAGER) to execute arbitrary code. This vulnerability is fixed in 0.229.0."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":8.6,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-184","description":"CWE-184: Incomplete List of Disallowed Inputs","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-78","description":"CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-28T16:15:13.826Z","orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M"},"references":[{"name":"https://github.com/zed-industries/zed/security/advisories/GHSA-c3g6-c3ff-69cg","tags":["x_refsource_CONFIRM"],"url":"https://github.com/zed-industries/zed/security/advisories/GHSA-c3g6-c3ff-69cg"}],"source":{"advisory":"GHSA-c3g6-c3ff-69cg","discovery":"UNKNOWN"},"title":"Zed: Allowlist Bypass via Environment Variable Injection in Terminal Tool Permissions"}},"cveMetadata":{"assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","assignerShortName":"GitHub_M","cveId":"CVE-2026-44463","datePublished":"2026-05-28T16:15:13.826Z","dateReserved":"2026-05-06T15:49:25.193Z","dateUpdated":"2026-05-29T15:15:34.090Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-28 17:16:29","lastModifiedDate":"2026-06-03 01:11:27","problem_types":["CWE-78","CWE-184","CWE-184 CWE-184: Incomplete List of Disallowed Inputs","CWE-78 CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zed:zed:*:*:*:*:*:*:*:*","versionEndExcluding":"0.229.0","matchCriteriaId":"43FFFCD4-1330-4357-8965-5097F95B7B98"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"44463","Ordinal":"1","Title":"Zed: Allowlist Bypass via Environment Variable Injection in Term","CVE":"CVE-2026-44463","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"44463","Ordinal":"1","NoteData":"Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior (e.g., PAGER) to execute arbitrary code. This vulnerability is fixed in 0.229.0.","Type":"Description","Title":"Zed: Allowlist Bypass via Environment Variable Injection in Term"}]}}}