CVE-2026-27976

High CVSS: 8.8

Zed, a code editor, has an extension installer allows tar/gzip downloads. Prior to version 0.224.4, the tar extractor (`async_tar::Archive::unpack`) creates symlinks from the archive without validation, and the path guard (`writeable_path_from_extension`) only performs lexical prefix checks without resolving symlinks. An attacker can ship a tar that first creates a symlink inside the extension workdir pointing outside (e.g., `escape -> /`), then writes files through the symlink, causing writes to arbitrary host paths. This escapes the extension sandbox and enables code execution. Version 0.224.4 patches the issue.

Vendor

Zed

Product

Zed

CWE

CWE-61

Yayın Tarihi

2026-02-26 00:16:27

Güncelleme

2026-03-05 16:08:38

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-61 Zed HIGH Zed 2026

Referanslar

https://github.com/zed-industries/zed/security/advisories/GHSA-59p4-3mhm-qm3r

Benzer Kayıtlar

High

CVE-2026-27967

Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools (`read_file`, `e…

High

CVE-2026-27800

Zed, a code editor, has a Zip Slip (Path Traversal) vulnerability exists in its extension archive extraction functionali…

Medium

CVE-2026-25805

Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show with which parameters a tool is being invoked, whe…

High

CVE-2025-68432

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads La…

High

CVE-2025-68433

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Mo…