CVE-2026-27967 - Vulnerability Details

- Symlink Escape in Agent File Tools

Description

Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools (`read_file`, `edit_file`). It allows reading and writing files **outside the project directory** when a project contains symbolic links pointing to external paths. This bypasses the intended workspace boundary and privacy protections (`file_scan_exclusions`, `private_files`), potentially leaking sensitive user data to the LLM. Version 0.225.9 fixes the issue.

Published: 2026-02-25

Score: 7.1 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

This vulnerability allows an attacker to read and write arbitrary files outside the intended project workspace when the project contains symbolic links that point to locations outside the project directory. The flaw lies in the Agent file tools, specifically the read_file and edit_file functions, and is caused by insufficient validation of file paths, which is identified as CWE‑59. The impact includes disclosure of sensitive data to the integrated language model and accidental modification of critical system files, leading to potential data exfiltration and integrity compromise.

Affected Systems

Affected by Zed Industries’ Zed code editor. Versions prior to 0.225.9 of the agent file tools are vulnerable. The flaw exists in the read_file and edit_file operations when used inside a project that contains symbolic links to paths outside the workspace.

Risk and Exploitability

The CVSS score of 7.1 indicates a high severity. The EPSS score is less than 1 %, suggesting a very low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attack can be carried out by supplying a malicious project containing symlinks that point to external files; no network exploitation or elevated privileges are required, so the attack vector is local through the editor’s processing of a symlinked project.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

zed-industries

zed

affected

Version	Status	Constraints
`< 0.225.9`	affected	—

Configuration 1 [-]

cpe:2.3:a:zed:zed:*:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Zed-industries

Zed

100%

Version	Status	Scheme	Platform
`[0,0.225.9)`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade to Zed version 0.225.9 or later, which contains the fix for the symlink handling in the agent file tools
Configure the editor or project settings to disallow symbolic links pointing outside the workspace or to explicitly whitelist allowed paths
Before reading or writing files, add a validation step to confirm that the resolved file path remains within the project directory, and reject any operations that resolve to an external path

Generated by OpenCVE AI on April 17, 2026 at 14:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00008.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
https://github.com/zed-industries/zed/security/advisories/GHSA-786m-x2vc-5235

History

Thu, 05 Mar 2026 16:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Zed Zed zed
CPEs		cpe:2.3:a:zed:zed::::::::
Vendors & Products		Zed Zed zed

Sat, 28 Feb 2026 05:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 26 Feb 2026 13:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Zed-industries Zed-industries zed
Vendors & Products		Zed-industries Zed-industries zed

Thu, 26 Feb 2026 00:00:00 +0000

Type	Values Removed	Values Added
Description		Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools (`read_file`, `edit_file`). It allows reading and writing files outside the project directory when a project contains symbolic links pointing to external paths. This bypasses the intended workspace boundary and privacy protections (`file_scan_exclusions`, `private_files`), potentially leaking sensitive user data to the LLM. Version 0.225.9 fixes the issue.
Title		Symlink Escape in Agent File Tools
Weaknesses		CWE-59
References		https://github.com/zed-industries/zed/security/advisories/GHSA-786m-x2vc-5235
Metrics		cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}`

Subscriptions

Zed Zed

Zed-industries Zed

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-02-25T23:33:21.477Z

Updated: 2026-02-28T04:55:28.156Z

Reserved: 2026-02-25T03:24:57.793Z

Link: CVE-2026-27967

Vulnrichment

Updated: 2026-02-26T17:05:23.146Z

NVD

Status : Analyzed

Published: 2026-02-26T00:16:27.137

Modified: 2026-03-05T16:10:10.473

Link: CVE-2026-27967

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T14:45:21Z

Weaknesses

CWE-59

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object