Description
Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show which parameters a tool is being invoked with when asking for permission, nor does it show which parameters were used after the tool has been invoked. Thus, unwanted or even malicious values could be used without the user having a chance to notice. Patched in Zed Editor 0.219.4, which includes expandable tool call details.
Published: 2026-02-10
Score: 6.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Potential tool parameter manipulation without user visibility
Action: Apply Patch
AI Analysis

Impact

Zed Editor versions prior to 0.219.4 do not display the parameters supplied to a tool when the user is asked for permission, nor do they display them after the tool has been invoked. As a result, a tool could be run with malicious or unintended values and the user would have no opportunity to detect or correct the misuse, which could compromise the integrity of the code base. This weakness is classified as CWE-356, the unsafe use of information.

Affected Systems

The vulnerability affects the Zed code editor developed by zed-industries. Any installation of Zed before version 0.219.4 is susceptible to this issue; later releases contain an expandable view of tool call details that mitigates the problem.

Risk and Exploitability

The CVSS base score of 6.4 indicates moderate severity, while the EPSS score of less than 1% suggests a very low probability of exploitation at the time of this analysis. The vulnerability is not listed in the CISA KEV catalog. Exploitation would likely require the attacker to convince a user to approve a tool invocation within a collaborative session, or to embed the malicious tool call inside shared code. The user would have to inspect the parameters manually, which the missing UI feedback makes impossible in affected versions. Low EPSS and the need for user interaction together imply that the real-world risk is limited, but the potential impact remains significant for developers relying on tool integration.

Generated by OpenCVE AI on April 17, 2026 at 20:44 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade Zed Editor to version 0.219.4 or later, which adds expandable tool call details to the interface.
  • Review recent tool calls to ensure that parameters being passed match intended values; when an upgrade is not immediately possible, manually verify parameters before accepting tool requests.
  • Educate users about the vulnerability: advise them to question unexpected tool calls or unfamiliar parameter values, and to confirm that the values displayed match what they expected.

Advisories

No advisories yet.

History

Thu, 19 Feb 2026 15:30:00 +0000

Type                | Values Removed | Values Added
First Time appeared |                | Zed; Zed zed
CPEs                |                | cpe:2.3:a:zed:zed:*:*:*:*:*:*:*:*
Vendors & Products  |                | Zed; Zed zed

Tue, 10 Feb 2026 21:45:00 +0000

Type                | Values Removed | Values Added
First Time appeared |                | Zed-industries; Zed-industries zed
Vendors & Products  |                | Zed-industries; Zed-industries zed

Tue, 10 Feb 2026 20:15:00 +0000

Type    | Values Removed | Values Added
Metrics |                | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 10 Feb 2026 17:45:00 +0000

Type        | Values Removed | Values Added
Description |                | Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show which parameters a tool is being invoked with when asking for permission, nor does it show which parameters were used after the tool has been invoked. Thus, unwanted or even malicious values could be used without the user having a chance to notice. Patched in Zed Editor 0.219.4, which includes expandable tool call details.
Title       |                | Zed does not show Parameter Values for MCP Tool Calls. Users cannot detect tool poisoning.
Weaknesses  |                | CWE-356
References  |                |
Metrics     |                | cvssV3_1: {'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-10T19:20:11.990Z

Reserved: 2026-02-05T19:58:01.641Z

Link: CVE-2026-25805

Vulnrichment

Updated: 2026-02-10T19:20:02.772Z

NVD

Status : Analyzed

Published: 2026-02-10T18:16:38.200

Modified: 2026-02-19T15:08:32.990

Link: CVE-2026-25805

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T20:45:25Z

Weaknesses