{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27976", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-25T03:24:57.793Z", "datePublished": "2026-02-25T23:34:40.103Z", "dateUpdated": "2026-02-27T04:55:52.466Z"}, "containers": {"cna": {"title": "Zed Extension Sandbox Escape via Tar Symlink Following", "problemTypes": [{"descriptions": [{"cweId": "CWE-61", "lang": "en", "description": "CWE-61: UNIX Symbolic Link (Symlink) Following", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/zed-industries/zed/security/advisories/GHSA-59p4-3mhm-qm3r", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/zed-industries/zed/security/advisories/GHSA-59p4-3mhm-qm3r"}], "affected": [{"vendor": "zed-industries", "product": "zed", "versions": [{"version": "< 0.224.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-25T23:34:40.103Z"}, "descriptions": [{"lang": "en", "value": "Zed, a code editor, has an extension installer allows tar/gzip downloads. Prior to version 0.224.4, the tar extractor (`async_tar::Archive::unpack`) creates symlinks from the archive without validation, and the path guard (`writeable_path_from_extension`) only performs lexical prefix checks without resolving symlinks. An attacker can ship a tar that first creates a symlink inside the extension workdir pointing outside (e.g., `escape -> /`), then writes files through the symlink, causing writes to arbitrary host paths. This escapes the extension sandbox and enables code execution. Version 0.224.4 patches the issue."}], "source": {"advisory": "GHSA-59p4-3mhm-qm3r", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-26T00:00:00+00:00", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-27976"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T04:55:52.466Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27976", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-26T16:53:58.627944Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T16:54:05.876Z"}}], "cna": {"title": "Zed Extension Sandbox Escape via Tar Symlink Following", "source": {"advisory": "GHSA-59p4-3mhm-qm3r", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "zed-industries", "product": "zed", "versions": [{"status": "affected", "version": "< 0.224.4"}]}], "references": [{"url": "https://github.com/zed-industries/zed/security/advisories/GHSA-59p4-3mhm-qm3r", "name": "https://github.com/zed-industries/zed/security/advisories/GHSA-59p4-3mhm-qm3r", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Zed, a code editor, has an extension installer allows tar/gzip downloads. Prior to version 0.224.4, the tar extractor (`async_tar::Archive::unpack`) creates symlinks from the archive without validation, and the path guard (`writeable_path_from_extension`) only performs lexical prefix checks without resolving symlinks. An attacker can ship a tar that first creates a symlink inside the extension workdir pointing outside (e.g., `escape -> /`), then writes files through the symlink, causing writes to arbitrary host paths. This escapes the extension sandbox and enables code execution. Version 0.224.4 patches the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-61", "description": "CWE-61: UNIX Symbolic Link (Symlink) Following"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-25T23:34:40.103Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27976", "state": "PUBLISHED", "dateUpdated": "2026-02-26T16:54:11.223Z", "dateReserved": "2026-02-25T03:24:57.793Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-25T23:34:40.103Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zed:zed:*:*:*:*:*:*:*:*", "matchCriteriaId": "63C50DD7-F03F-4305-94DE-F5BFF201BA6A", "versionEndExcluding": "0.224.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Zed, a code editor, has an extension installer allows tar/gzip downloads. Prior to version 0.224.4, the tar extractor (`async_tar::Archive::unpack`) creates symlinks from the archive without validation, and the path guard (`writeable_path_from_extension`) only performs lexical prefix checks without resolving symlinks. An attacker can ship a tar that first creates a symlink inside the extension workdir pointing outside (e.g., `escape -> /`), then writes files through the symlink, causing writes to arbitrary host paths. This escapes the extension sandbox and enables code execution. Version 0.224.4 patches the issue."}, {"lang": "es", "value": "Zed, un editor de c\u00f3digo, tiene un instalador de extensiones que permite descargas tar/gzip. Antes de la versi\u00f3n 0.224.4, el extractor de tar ('async_tar::Archive::unpack') crea enlaces simb\u00f3licos (symlinks) desde el archivo sin validaci\u00f3n, y el protector de rutas ('writeable_path_from_extension') solo realiza comprobaciones de prefijo l\u00e9xico sin resolver enlaces simb\u00f3licos (symlinks). Un atacante puede enviar un tar que primero crea un enlace simb\u00f3lico (symlink) dentro del directorio de trabajo de la extensi\u00f3n apuntando hacia afuera (por ejemplo, 'escape -&gt; /'), luego escribe archivos a trav\u00e9s del enlace simb\u00f3lico (symlink), provocando escrituras en rutas de host arbitrarias. Esto escapa de la sandbox de la extensi\u00f3n y permite la ejecuci\u00f3n de c\u00f3digo. La versi\u00f3n 0.224.4 soluciona el problema."}], "id": "CVE-2026-27976", "lastModified": "2026-03-05T16:08:38.163", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-26T00:16:27.293", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory", "Exploit", "Mitigation"], "url": "https://github.com/zed-industries/zed/security/advisories/GHSA-59p4-3mhm-qm3r"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-61"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.224.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "zed", "source": "cna", "vendor": "zed-industries"}, "product": "zed", "vendor": "zed-industries"}], "analysis": {"en": {"generated_at": "2026-04-17T14:42:18.676146+00:00", "value": {"mitigation_remediation": ["Upgrade Zed to version 0.224.4 or later.", "If upgrading is not immediately possible, avoid installing extensions from untrusted sources and limit the extension repository to trusted contributors.", "Disable the extension installer feature or block its execution to prevent the exploit while a patch is pending."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution via Sandbox Escape"}, "threat_synthesis": {"affected_systems": "All installations of Zed Industries\u2019 Zed code editor that use the extension installation feature and run a version earlier than 0.224.4 are affected. This includes any platform where the editor can unpack user\u2011supplied extensions. Users of 0.224.4 and newer are not vulnerable.", "description_and_impact": "The Zed editor\u2019s extension installer processes tar and gzip archives without validating symlinks. A crafted archive can create a symbolic link inside the extension work folder that points outside the allowed path, such as to the root directory. When the installer extracts files through that link, it writes to arbitrary host filesystem locations. This manipulation bypasses the intended sandbox and allows an attacker to place executable files or modify critical system files, effectively enabling code execution on the host system. The weakness is a classic pathname traversal issue, identified as CWE\u201161.", "risk_and_exploitability": "The vulnerability scores 8.8 on CVSS, indicating a high exploitability and impact. The EPSS score of less than 1% suggests that exploitation activity has been observed at a very low rate so far. It is not listed in the CISA KEV catalog. The attack vector is primarily through a malicious extension download or local file tampering; an attacker who can supply or modify the tar archive passed to the updater could gain write access to arbitrary files, resulting in remote code execution. Because no prerequisite software or elevated privileges are required beyond the ability to install a malicious extension, the risk is moderate to high for users who regularly add third\u2011party extensions."}}}}, "created": "2026-02-26T13:10:34.421872+00:00", "updated": "2026-04-17T14:45:21.038496+00:00", "vendors": ["zed-industries", "zed-industries$PRODUCT$zed"]}