CVE-2026-25805

Medium CVSS: 6.4

Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show with which parameters a tool is being invoked, when asking for allowance. Further it does not show after the tool was being invoked, which parameters were used. Thus, maybe unwanted or even malicious values could be used without the user having a chance to notice it. Patched in Zed Editor 0.219.4 which includes expandable tool call details.

Vendor

Zed

Product

Zed

CWE

CWE-356

Yayın Tarihi

2026-02-10 18:16:38

Güncelleme

2026-02-19 15:08:32

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-356 Zed MEDIUM Zed 2026

Referanslar

https://github.com/zed-industries/zed/security/advisories/GHSA-f2g4-87h6-4pxq

Benzer Kayıtlar

High

CVE-2026-27967

Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools (`read_file`, `e…

High

CVE-2026-27976

Zed, a code editor, has an extension installer allows tar/gzip downloads. Prior to version 0.224.4, the tar extractor (`…

High

CVE-2026-27800

Zed, a code editor, has a Zip Slip (Path Traversal) vulnerability exists in its extension archive extraction functionali…

High

CVE-2025-68432

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads La…

High

CVE-2025-68433

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Mo…