CVE-2026-25805
Information Disclosure in Zed Editor Due to Missing Parameter Visibility
Publication date: 2026-02-10
Last updated on: 2026-02-19
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zed | zed | up to 0.219.4 (exclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-356 | The product's user interface does not warn the user before undertaking an unsafe action on behalf of that user. This makes it easier for attackers to trick users into inflicting damage to their system. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-25805 is a moderate severity vulnerability affecting Zed Editor versions prior to 0.219.4. The vulnerability exists because Zed does not display the parameter values used when invoking Modular Command Protocol (MCP) tools, neither at the time of user confirmation nor after the tool has been executed.

This design flaw prevents users from detecting "tool poisoning," a form of indirect prompt injection where an attacker manipulates the AI agent to call tools with malicious or unintended parameter values without the user's knowledge.

As a result, users cannot verify or reject potentially harmful tool invocations, since the parameters are not visible in the chat history or confirmation prompts. [1]
How can this vulnerability impact me?
This vulnerability can lead to high confidentiality, integrity, and availability risks. An attacker with network access and high privileges can coerce the AI into using specific malicious parameters without the user's knowledge.

This may result in unauthorized data access, data modification, or other harmful actions executed by the AI tools, potentially compromising the security and reliability of the system. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves Zed Editor not displaying the parameters used when invoking MCP tools, which prevents users from detecting malicious or unintended parameter values. Detection relies on verifying whether the Zed Editor version in use is prior to 0.219.4, as those versions lack the feature to show tool call parameters.

Since the vulnerability is related to the application's UI behavior and parameter visibility rather than network traffic patterns, there are no specific network or system commands provided to detect it directly.

To detect whether your system is vulnerable, check the installed Zed Editor version using commands appropriate to your environment, for example:

- Run `zed --version` or check the application's About page to determine the version.
- Review application logs or update history to confirm whether version 0.219.4 or later is installed. [1]
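The version check described above, as an added helper script that is not part of the advisory or of Zed itself: it parses the dotted version out of `zed --version` output and compares it against the fixed version 0.219.4 stated on this page. The output format ("Zed 0.219.3") and the handling of pre-release suffixes are assumptions; a pre-release build of the fixed version is conservatively reported as unpatched.

```python
import re
import subprocess

# Fixed version from the advisory: 0.219.4 and later show MCP tool-call parameters.
FIXED_VERSION = (0, 219, 4)

# Assumed format: a dotted major.minor.patch, optionally followed by a
# pre-release suffix such as "-pre" (e.g. "Zed 0.219.4-pre").
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?")


def parse_zed_version(output):
    """Return (major, minor, patch, is_prerelease) or None if no version is found."""
    m = _VERSION_RE.search(output)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    return (major, minor, patch, m.group(4) is not None)


def is_vulnerable(version):
    """True for any release before 0.219.4; a pre-release of 0.219.4 itself is
    treated as unpatched because it may predate the fix (conservative choice)."""
    numeric, prerelease = version[:3], version[3]
    if numeric < FIXED_VERSION:
        return True
    return numeric == FIXED_VERSION and prerelease


def classify(output):
    """Turn raw `zed --version` output into a one-line verdict."""
    v = parse_zed_version(output)
    if v is None:
        return "could not parse version from: %r" % output.strip()
    dotted = ".".join(str(x) for x in v[:3]) + ("-pre" if v[3] else "")
    state = "VULNERABLE to CVE-2026-25805" if is_vulnerable(v) else "patched"
    return "Zed %s: %s" % (dotted, state)


def check_installed():
    """Run the real binary on PATH and classify its reported version."""
    try:
        proc = subprocess.run(["zed", "--version"], capture_output=True,
                              text=True, timeout=10)
    except (FileNotFoundError, subprocess.TimeoutExpired) as exc:
        return "zed not found or not responding: %s" % exc
    return classify(proc.stdout or proc.stderr)


if __name__ == "__main__":
    print(check_installed())
```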
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update the Zed Editor to version 0.219.4 or later, which includes a patch that introduces expandable tool call details showing parameter values during tool invocation.
This update enables users to detect and prevent tool poisoning attacks by making parameter values visible both at confirmation and after tool execution.
Additionally, ensure that only trusted MCP servers are used and restrict network access to prevent attackers from coercing the AI into using malicious parameters.
Maintain the principle of least privilege and require user interaction for tool invocations to reduce the risk of exploitation.