CVE-2026-44465
Status: Analyzed - Analysis Complete
Remote Code Execution in Zed IDE via Malicious Git Config

Publication date: 2026-05-28

Last updated on: 2026-06-02

Assigner: GitHub, Inc.

Description
Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution (RCE) when a victim opens a folder in untrusted mode. This vulnerability is fixed in 0.227.1.
Meta Information
Published: 2026-05-28
Last Modified: 2026-06-02
Generated: 2026-06-18
AI Q&A: 2026-05-28
EPSS Evaluated: 2026-06-16
Affected Vendors & Products
Vendor: zed
Product: zed
Version / Range: up to 0.227.1 (excluded)
CWE
CWE-78: The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Compliance Impact

The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-44465 is a high-severity vulnerability in the Zed IDE that allows arbitrary code execution when opening a folder containing a malicious .git/config file.

The vulnerability occurs because Zed does not properly sanitize the core.fsmonitor Git configuration option, which can be manipulated to execute arbitrary shell commands.

An attacker can create a poisoned repository with a .git/config file that includes a malicious fsmonitor value, such as a command that triggers a webhook or other harmful actions.

When a victim opens this folder in Zed's untrusted mode, the malicious command executes with the user's privileges, enabling remote code execution (RCE).

This vulnerability affects versions of Zed prior to v0.227.1 and is fixed in version 0.227.1.

Impact Analysis

This vulnerability can lead to remote code execution on your system with your user privileges when you open a folder containing a malicious .git/config file in Zed IDE versions prior to 0.227.1.

An attacker could exploit this by distributing poisoned repositories through Git hosting platforms, shared drives, or archives.

Successful exploitation could result in full system compromise, including unauthorized access, data theft, or further malware installation.

Because the attack complexity is low and no privileges are required to trigger it, the risk is significant.

Detection Guidance

This vulnerability can be detected by checking for the presence of malicious .git/config files in folders opened by Zed IDE, specifically looking for suspicious or unusual core.fsmonitor configuration values that execute shell commands.

Since the vulnerability involves execution of arbitrary commands via the core.fsmonitor Git configuration option, you can scan repositories or folders for .git/config files containing suspicious fsmonitor entries.

  • Use a command like: find /path/to/scan -type f -path '*/.git/config' -exec grep -Hni 'fsmonitor' {} +
  • Inspect any fsmonitor values that appear to contain shell commands or URLs that could trigger remote requests.
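
An added example, not part of the original advisory or Zed's code: a Python scanner that parses each .git/config under a directory and reports core.fsmonitor values that are not booleans, since Git treats any non-boolean value as the path of a hook command to run. The function names and sample configs are constructed for illustration, and the script assumes ordinary working-tree repositories: it does not follow include directives or read submodule and bare-repository configs.

```python
import os
import re
import sys

# Values Git reads as booleans (built-in monitor on/off), compared in lowercase.
BOOLEANS = {"", "true", "false", "yes", "no", "on", "off", "1", "0"}
SECTION = re.compile(r'^\s*\[\s*([A-Za-z0-9.-]+)(?:\s+"[^"]*")?\s*\](.*)$')

def fsmonitor_values(text):
    """Return every core.fsmonitor value set in a Git config file's text."""
    section, values = None, []
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:  # section header; Git also allows a key on the same line
            section, line = m.group(1).lower(), m.group(2)
        key, sep, value = line.partition("=")
        if section == "core" and key.strip().lower() == "fsmonitor":
            # A bare key (no "=") means boolean true in Git config syntax.
            values.append(value.strip().strip('"') if sep else "true")
    return values

def is_suspicious(value):
    """Anything that is not a boolean is treated by Git as a hook to execute."""
    return value.lower() not in BOOLEANS

def scan(root):
    """Yield (config_path, value) for each non-boolean core.fsmonitor under root."""
    for dirpath, dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath) == ".git" and "config" in filenames:
            path = os.path.join(dirpath, "config")
            with open(path, encoding="utf-8", errors="replace") as fh:
                for value in fsmonitor_values(fh.read()):
                    if is_suspicious(value):
                        yield path, value
            dirnames[:] = []  # do not descend into .git internals

# Constructed sample configs (not taken from a real repository).
SAMPLE_BENIGN = "[core]\n\trepositoryformatversion = 0\n\tfsmonitor = true\n"
SAMPLE_HOOK = "[core]\n\tbare = false\n\tfsmonitor = ./constructed-hook.sh\n"

if __name__ == "__main__":
    for path, value in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: core.fsmonitor = {value!r}")
```

Run it against a downloads or checkout directory before opening the folders in an editor; a value with a trailing inline comment is reported too, which errs on the side of review.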

Additionally, monitor network traffic for unexpected outbound requests triggered when opening folders in Zed IDE, which could indicate exploitation attempts.

Mitigation Strategies

The immediate and recommended mitigation step is to update Zed IDE to version 0.227.1 or later, where this vulnerability has been fixed.

Avoid opening folders or repositories from untrusted sources in Zed IDE until the update is applied.

Be cautious when handling repositories or archives from unknown or unverified origins, especially those containing .git/config files.
