Severity: HIGH | CVE-2026-44463 | CNA: GitHub_M

CVE-2026-44463: Zed: Allowlist Bypass via Environment Variable Injection in Terminal Tool Permissions

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior (e.g., PAGER) to execute arbitrary code. This vulnerability is fixed in 0.229.0.
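To make the bug class concrete, here is an added example (not Zed's code, and not a reconstruction of its actual implementation) that contrasts a lenient allowlist check, which skips leading `NAME=value` words before matching the program name, with a strict check that treats any leading assignment as a rejection. The allowlist, command strings and `/tmp/x` path are constructed for illustration.

```rust
/// Returns true when `word` has the shape of a POSIX environment assignment,
/// `NAME=value`, where NAME is a shell identifier ([A-Za-z_][A-Za-z0-9_]*).
fn is_env_assignment(word: &str) -> bool {
    match word.split_once('=') {
        Some((name, _value)) => {
            let mut chars = name.chars();
            match chars.next() {
                Some(first) if first.is_ascii_alphabetic() || first == '_' => {
                    chars.all(|c| c.is_ascii_alphanumeric() || c == '_')
                }
                _ => false,
            }
        }
        None => false,
    }
}

/// Lenient check (hypothetical, not Zed's code): the bug class this advisory
/// describes. Leading assignments are skipped and only the program name is
/// compared, so `PAGER=/tmp/x git log` passes as if it were `git log`, yet the
/// shell still exports PAGER to git, which then runs it as its pager.
fn lenient_allowed(cmd: &str, allowlist: &[&str]) -> bool {
    cmd.split_whitespace()
        .skip_while(|w| is_env_assignment(w))
        .next()
        .map_or(false, |program| allowlist.contains(&program))
}

/// Strict check: the first word must itself be an allowlisted program, and a
/// leading assignment is a rejection rather than something to skip. Note that
/// allowlisting launchers such as `env` or `sh` would reopen the same hole.
fn strict_allowed(cmd: &str, allowlist: &[&str]) -> bool {
    match cmd.split_whitespace().next() {
        Some(first) if is_env_assignment(first) => false,
        Some(first) => allowlist.contains(&first),
        None => false,
    }
}

fn main() {
    // Constructed sample inputs; the allowlist and paths are illustrative.
    let allowlist = ["git", "cargo"];
    let samples = ["git log", "PAGER=/tmp/x git log", "GIT_PAGER=/tmp/x LESS= git status"];
    for cmd in samples {
        println!(
            "{:?}: lenient={} strict={}",
            cmd,
            lenient_allowed(cmd, &allowlist),
            strict_allowed(cmd, &allowlist)
        );
    }
}
```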

HarborGuard Analysis

Synopsis

An authentication-bypass and privilege-escalation flaw affects Zed, the code editor, in versions prior to 0.229.0. The vulnerability is reachable locally and requires no privileges but does require the victim to interact; an attacker can prepend environment variable assignments (for example, overriding PAGER) to allowlisted terminal commands, causing Zed to execute arbitrary code outside the intended permission boundary. Successful exploitation gives the attacker full read, write, and denial-of-service capability over the affected environment. HarborGuard tracks this advisory and will make a patched-image rebuild available the moment a fix version is published upstream.

HarborGuard Coverage

Detection (Available)

Detection for CVE-2026-44463 is available across every HarborGuard environment; the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built images containing the zed binary. Any image carrying a vulnerable version of zed-industries/zed below 0.229.0 is flagged automatically.

Triage (Available)

HarborGuard is capable of scoring this finding at CVSS 8.6 HIGH and weighting it against each customer environment's compliance policy to determine urgency. Triage routing is available to direct the finding to the appropriate team inbox within each customer organization.

Patch (Pending upstream)

Because no upstream fix version has been published yet, HarborGuard re-checks this advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment a qualifying fix version appears. For customers with auto-remediation enabled, the rebuild, regression-test run, and PR against affected workloads will be initiated without manual intervention once the upstream patch ships.

Exploit Conditions

  • Network reachability: Not required

    The attacker needs an existing shell or process on the host; no over-the-network access path is required.

  • Authentication: Not required

    No account credentials or privileges of any kind are required to attempt the exploit.

  • Victim interaction: Required

    A victim must take an action, such as invoking an allowlisted terminal command, for the malicious environment variable injection to take effect.

  • Attack complexity: Low

    The exploit is reliable and condition-free; no race conditions, special memory layout, or environmental prerequisites need to be arranged.

Blast Radius

  • Reads arbitrary files and secrets accessible to the Zed process, including stored credentials, tokens, and source code on disk.
  • Modifies or deletes files and project data within reach of the running editor process.
  • Executes arbitrary code in the context of the victim user, enabling installation of persistent payloads or lateral movement.
  • Crashes or hangs the Zed editor process, disrupting developer workflows and potentially corrupting in-progress work.

How HarborGuard Handles This

Available on HarborGuard: this CVE is actively tracked and every image containing a vulnerable version of zed-industries/zed is flagged on ingestion. Because no fix version has been published, HarborGuard will continue re-evaluating the advisory each ingest cycle and will make a patched-image rebuild available immediately once an upstream fix ships. For customers with auto-remediation enabled, that rebuild will trigger a regression-test run and open a PR against affected workloads without manual steps. In the interim, compensating controls worth considering include network-policy isolation to restrict what processes the Zed container can reach, egress filtering to limit outbound connections from compromised editor sessions, and disabling or restricting the terminal tool permission feature via configuration flag if the deployment does not require it.

Metrics

  • CVSS v3.1: 8.6
  • Severity: HIGH
  • Fixed in:
  • Affected Products: 1
  • Affected packages: zed-industries / zed, < 0.229.0
  • CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H