Zed, a code editor, has a flaw in its terminal tool permission system that was present in all releases before 0.229.0. The flaw allows an attacker to prepend environment variable assignments to an allowlisted command. Because the permission system ignores these assignments, the command is executed with the altered environment, effectively hijacking program behavior such as the PAGER variable and enabling execution of arbitrary code. This is a classic example of a command injection weakness (CWE‑78) with additional pitfalls in how allowlists are evaluated (CWE‑184). The impact is that any user who can launch Zed and craft the command string can run arbitrary commands with the privileges of the Zed process, compromising confidentiality, integrity, and availability of the host.

All versions of the Zed application released by Zed Industries prior to 0.229.0 are affected. The vulnerability is mitigated in version 0.229.0 and later.

The CVSS score of 8.6 indicates a high-risk vulnerability. Although the EPSS score is not available and the issue is not listed in CISA’s KEV catalog, the severity and the lack of notable countermeasures suggest that the bug could be actively exploited by users with local access to the system. The likely attack vector is local, relying on the ability to start Zed and supply a crafted command string. An attacker can therefore achieve arbitrary command execution on the host machine.