Severity: HIGH | CVE-2026-44461 | CNA: GitHub_M

CVE-2026-44461: Zed: Remote Command Injection via Unquoted Environment Variable Keys (SSH / WSL Remote)

Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL remote commands as a shell command string that starts with exec env ..., but environment variable keys are inserted without shell quoting or validation. If an attacker can control an environment variable key (for example via project terminal settings), shell expansions in the key (such as $(...)) are evaluated by the remote shell when a terminal is opened. This can lead to arbitrary command execution on the remote host under the victim user's account. This vulnerability is fixed in 0.227.1.
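The defect described above is a command string assembled with quoted values but unquoted, unvalidated keys. The following is an added example, not Zed's own code, showing that pattern next to a hardened builder that rejects any key that is not a plain identifier and quotes each KEY=VALUE as a single shell word. The function names, the dict-shaped env mapping and the sample keys are assumptions for illustration; the advisory itself only states that keys were inserted without quoting or validation.

```python
"""Added example (not Zed's own code): validating environment variable keys
before they are placed in an `exec env ...` shell command string.

Function names, the dict-shaped env mapping and the sample keys below are
assumptions for illustration.
"""
from __future__ import annotations

import re
import shlex

# POSIX-portable environment variable name: letters, digits and underscore,
# not starting with a digit. Anything else (whitespace, `$`, `(`, `;`, `=`)
# would be interpreted by the remote shell instead of being passed to env.
_ENV_KEY_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def is_valid_env_key(key: str) -> bool:
    """Return True only for identifier-style keys that need no quoting."""
    return bool(_ENV_KEY_RE.fullmatch(key))


def build_remote_command_unsafe(env: dict[str, str], program: str) -> str:
    """Reconstruction of the pattern the advisory describes: values are
    quoted, keys are inserted verbatim. Kept only for contrast; do not use."""
    words = ["exec", "env"]
    for key, value in env.items():
        words.append(f"{key}={shlex.quote(value)}")
    words.append(shlex.quote(program))
    return " ".join(words)


def build_remote_command(env: dict[str, str], program: str) -> str:
    """Hardened builder: reject non-identifier keys up front, then quote the
    whole KEY=VALUE pair as one shell word so nothing inside it is expanded."""
    words = ["exec", "env"]
    for key, value in env.items():
        if not is_valid_env_key(key):
            raise ValueError(f"refusing unsafe environment variable key: {key!r}")
        words.append(shlex.quote(f"{key}={value}"))
    words.append(shlex.quote(program))
    return " ".join(words)


def rejects_key(key: str) -> bool:
    """True if the hardened builder refuses a command containing this key."""
    try:
        build_remote_command({key: "1"}, "/bin/sh")
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample: benign keys, then a key carrying a shell expansion.
    benign = {"EDITOR": "zed", "RUST_LOG": "info"}
    print(build_remote_command(benign, "/bin/bash"))
    print("unsafe builder would emit:",
          build_remote_command_unsafe({"X$(true)": "1"}, "/bin/bash"))
    print("hardened builder rejects X$(true):", rejects_key("X$(true)"))
```

Validating keys against an identifier pattern is the important step: quoting alone would make `X$(true)=1` a literal argument to env, which then fails with an invalid variable name, so rejecting the key early gives a clearer error and keeps the remote command free of anything a shell could expand.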

HarborGuard Analysis


Synopsis

Remote command injection in Zed, the code editor, allows an attacker who can influence environment variable keys in project terminal settings to inject shell metacharacters into an SSH or WSL remote command string. The attack requires local access to the victim's machine and a single user interaction (opening a terminal), but no authentication against Zed itself, and a successful exploit achieves arbitrary command execution on the remote host under the victim's account. No fix version has been published yet; HarborGuard is tracking the upstream advisory and will make a patched-image rebuild available as soon as one is released.

HarborGuard Coverage

Detection: Available

Detection for CVE-2026-44461 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images that bundle the Zed editor or its components. Any image carrying a vulnerable version of the zed package is flagged immediately on next scan or pipeline run.

Triage: Available

Triage is available with the CVSS v3.1 score of 8.6 (HIGH) applied to every matched finding, weighted against each customer organization's compliance policy to determine urgency. Findings are routed to the appropriate team inbox within the customer's HarborGuard workspace based on image ownership and policy configuration.

Patch: Pending upstream

Because no upstream fix version has been published, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment a fix is released by zed-industries. For customers with auto-remediation enabled, the rebuild, regression test run, and a PR against affected workloads will be initiated without manual intervention once the upstream patch becomes available.

Exploit Conditions

  • Network reachability: Not required

    The attacker needs an existing shell or process on the host; no over-the-network access to Zed itself is required to plant the malicious environment variable key.

  • Authentication: Not required

    No authentication credential against Zed or its settings interface is required; any party able to influence the project terminal settings can insert a malicious key.

  • Victim interaction: Required

    The victim must open a remote terminal session in Zed, which triggers evaluation of the injected shell expression by the remote shell.

  • Attack complexity: Low

    Exploit reliability is high and condition-free once the malicious key is in place; no race condition, memory-layout dependency, or environmental timing is needed.

Blast Radius

  • Executes arbitrary shell commands on the remote host (SSH or WSL target) under the victim user's account, giving the attacker full control of any process the victim can spawn.
  • Reads any file accessible to the victim user on the remote host, including source code, credentials, SSH private keys, and configuration secrets stored in the project directory or home directory.
  • Writes or modifies files on the remote host under the victim's permissions, including source files, shell rc scripts, and SSH authorized_keys, enabling persistence.
  • Crashes or disrupts processes running under the victim's account on the remote host by terminating services or corrupting state files.

How HarborGuard Handles This

Available on HarborGuard: scanning for CVE-2026-44461 is active across all customer pipelines and registries, flagging any image that bundles a vulnerable version of Zed. Because no upstream fix has been published yet, HarborGuard monitors the zed-industries advisory on every ingest cycle. The moment zed-industries publishes a patched release, a rebuilt image at that version becomes available; for customers with auto-remediation enabled, HarborGuard will initiate the rebuild, run regression tests, and open a PR against affected workloads without manual steps. In the interim, compensating controls worth considering include restricting write access to Zed project terminal settings files (for example via filesystem ACLs or read-only volume mounts in container environments), isolating remote-capable Zed containers behind strict network policy to limit the blast radius of any spawned command, and auditing project configuration files for unexpected environment variable keys as part of your existing supply-chain review process.
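The last compensating control above, auditing project configuration for unexpected environment variable keys, can be scripted. The following is an added example and not HarborGuard's or Zed's tooling: it parses a settings document, walks every object stored under a key named "env" and reports keys that are not plain identifiers. The JSON layout (a `terminal.env` object), the `.zed/settings.json` location and the sample document are assumptions for illustration.

```python
"""Added example (not HarborGuard's or Zed's tooling): flag environment
variable keys in a project settings file that are not plain identifiers.

The `terminal.env` layout, the `.zed/settings.json` path and the sample
document are assumptions for illustration.
"""
from __future__ import annotations

import json
import re
import sys

_ENV_KEY_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def _walk(node, path: str, findings: list[tuple[str, str]]) -> None:
    """Visit every object in the document; for any object stored under a key
    named "env", check each of its keys, since those are the names that would
    end up in an `exec env KEY=...` command string."""
    if isinstance(node, dict):
        for key, value in node.items():
            child_path = f"{path}.{key}" if path else key
            if key == "env" and isinstance(value, dict):
                for env_key in value:
                    if not _ENV_KEY_RE.fullmatch(env_key):
                        findings.append((child_path, env_key))
            _walk(value, child_path, findings)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            _walk(item, f"{path}[{index}]", findings)


def audit_settings(text: str) -> list[tuple[str, str]]:
    """Parse a JSON settings document and return (json path, key) for every
    environment variable key that a shell could expand or misparse."""
    findings: list[tuple[str, str]] = []
    _walk(json.loads(text), "", findings)
    return findings


# Constructed sample document: the second terminal.env key carries a shell
# expansion and should be reported; the first is benign.
SAMPLE_SETTINGS = """
{
  "terminal": {
    "shell": "system",
    "env": {
      "RUST_LOG": "info",
      "TERM$(x)": "xterm-256color"
    }
  }
}
"""


def main(argv: list[str]) -> int:
    """Audit the files named on the command line (default: the sample document).
    Exit status 1 signals at least one suspicious key, for use in CI."""
    documents = [(p, open(p, encoding="utf-8").read()) for p in argv] \
        or [("<sample>", SAMPLE_SETTINGS)]
    status = 0
    for name, text in documents:
        for path, key in audit_settings(text):
            print(f"{name}: suspicious environment variable key {key!r} at {path}")
            status = 1
    return status


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it as `python audit_env_keys.py .zed/settings.json` in a pre-merge check. One caveat: editor settings files are often JSON with comments, which `json.loads` rejects; strip comments with a proper JSONC parser before feeding the text in, rather than with a regex that would also mangle `//` inside string values.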


Metrics

  • CVSS v3.1: 8.6
  • Severity: HIGH
  • Fixed in: 0.227.1
  • Affected products: 1
  • Affected packages: zed-industries / zed, versions < 0.227.1
  • CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H