{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27800", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-24T02:31:33.266Z", "datePublished": "2026-02-25T23:25:45.400Z", "dateUpdated": "2026-02-26T17:04:50.704Z"}, "containers": {"cna": {"title": "Zed has Zip Slip Path Traversal in Extension Archive Extraction", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/zed-industries/zed/security/advisories/GHSA-v385-xh3h-rrfr", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/zed-industries/zed/security/advisories/GHSA-v385-xh3h-rrfr"}], "affected": [{"vendor": "zed-industries", "product": "zed", "versions": [{"version": "< 0.224.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-25T23:25:45.400Z"}, "descriptions": [{"lang": "en", "value": "Zed, a code editor, has a Zip Slip (Path Traversal) vulnerability exists in its extension archive extraction functionality prior to version 0.224.4. The `extract_zip()` function in `crates/util/src/archive.rs` fails to validate ZIP entry filenames for path traversal sequences (e.g., `../`). This allows a malicious extension to write files outside its designated sandbox directory by downloading and extracting a crafted ZIP archive. Version 0.224.4 fixes the issue."}], "source": {"advisory": "GHSA-v385-xh3h-rrfr", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-26T17:04:30.745582Z", "id": "CVE-2026-27800", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T17:04:50.704Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27800", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-26T17:04:30.745582Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T17:04:45.432Z"}}], "cna": {"title": "Zed has Zip Slip Path Traversal in Extension Archive Extraction", "source": {"advisory": "GHSA-v385-xh3h-rrfr", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "zed-industries", "product": "zed", "versions": [{"status": "affected", "version": "< 0.224.4"}]}], "references": [{"url": "https://github.com/zed-industries/zed/security/advisories/GHSA-v385-xh3h-rrfr", "name": "https://github.com/zed-industries/zed/security/advisories/GHSA-v385-xh3h-rrfr", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Zed, a code editor, has a Zip Slip (Path Traversal) vulnerability exists in its extension archive extraction functionality prior to version 0.224.4. The `extract_zip()` function in `crates/util/src/archive.rs` fails to validate ZIP entry filenames for path traversal sequences (e.g., `../`). This allows a malicious extension to write files outside its designated sandbox directory by downloading and extracting a crafted ZIP archive. Version 0.224.4 fixes the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-25T23:25:45.400Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27800", "state": "PUBLISHED", "dateUpdated": "2026-02-26T17:04:50.704Z", "dateReserved": "2026-02-24T02:31:33.266Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-25T23:25:45.400Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zed:zed:*:*:*:*:*:*:*:*", "matchCriteriaId": "63C50DD7-F03F-4305-94DE-F5BFF201BA6A", "versionEndExcluding": "0.224.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Zed, a code editor, has a Zip Slip (Path Traversal) vulnerability exists in its extension archive extraction functionality prior to version 0.224.4. The `extract_zip()` function in `crates/util/src/archive.rs` fails to validate ZIP entry filenames for path traversal sequences (e.g., `../`). This allows a malicious extension to write files outside its designated sandbox directory by downloading and extracting a crafted ZIP archive. Version 0.224.4 fixes the issue."}, {"lang": "es", "value": "Zed, un editor de c\u00f3digo, presenta una vulnerabilidad de Zip Slip (salto de ruta) en su funcionalidad de extracci\u00f3n de archivos de extensi\u00f3n anterior a la versi\u00f3n 0.224.4. La funci\u00f3n 'extract_zip()' en 'crates/util/src/archive.rs' no valida los nombres de archivo de las entradas ZIP en busca de secuencias de salto de ruta (por ejemplo, '../'). Esto permite que una extensi\u00f3n maliciosa escriba archivos fuera de su directorio sandbox designado al descargar y extraer un archivo ZIP manipulado. La versi\u00f3n 0.224.4 soluciona el problema."}], "id": "CVE-2026-27800", "lastModified": "2026-03-04T03:16:37.217", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-26T00:16:25.590", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory", "Exploit"], "url": "https://github.com/zed-industries/zed/security/advisories/GHSA-v385-xh3h-rrfr"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.224.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "zed", "source": "cna", "vendor": "zed-industries"}, "product": "zed", "vendor": "zed-industries"}], "analysis": {"en": {"generated_at": "2026-04-18T10:31:07.651910+00:00", "value": {"mitigation_remediation": ["Upgrade Zed to version 0.224.4 or newer to remove the path traversal flaw.", "Verify that extensions are sourced from trusted developers and not unverified marketplaces.", "Limit extension file system access by disabling write permissions to critical directories or by running Zed in a restricted sandbox mode."], "summary": {"action": "Apply Patch", "impact": "Privilege Escalation via Path Traversal"}, "threat_synthesis": {"affected_systems": "Zed code editor from Zed Industries. Versions prior to 0.224.4 are vulnerable; 0.224.4 and later contain the fix.", "description_and_impact": "A Zip Slip bug in Zed\u2019s extension archive extraction allows a malicious extension to write files outside its sandbox by supplying a crafted ZIP archive. This vulnerability is a classic path\u2011traversal flaw (CWE\u201122). When exploited, it could enable the attacker to overwrite critical system files or inject executable code, leading to local privilege escalation or remote code execution if the editor runs with elevated privileges.", "risk_and_exploitability": "The CVSS score of 7.4 indicates high severity, while the EPSS score of less than 1% suggests a very low likelihood of immediate exploitation. The vulnerability is not listed in CISA\u2019s KEV catalog. Exploitability requires an attacker to supply a malicious extension archive, which can be achieved by distributing a forged extension via the marketplace or phishing. No public exploit has been documented, but the weaponized nature of the flaw warrants prompt attention."}}}}, "created": "2026-02-26T13:10:36.147281+00:00", "updated": "2026-04-18T10:45:43.641816+00:00", "vendors": ["zed-industries", "zed-industries$PRODUCT$zed"]}