All 7 CVE vulnerabilities found in zed, with AI-generated Chinese analysis, references, and POCs.
Vendor: zed-industries
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-27976 | Zed Extension Sandbox Escape via Tar Symlink Following CWE-61 | 8.8 | High | 2026-02-25 |
| CVE-2026-27967 | Symlink Escape in Agent File Tools CWE-59 | 7.1 | High | 2026-02-25 |
| CVE-2026-27800 | Zed has Zip Slip Path Traversal in Extension Archive Extraction CWE-22 | 7.4 | High | 2026-02-25 |
| CVE-2026-25805 | Zed does not show Parameter Values for MCP Tool Calls. Users cannot detect tool poisoning. CWE-356 | 6.4 | Medium | 2026-02-10 |
| CVE-2025-68433 | Zed IDE MCP Context Server Configuration Arbitrary Code Execution CWE-77 | 7.8 | High | 2025-12-17 |
| CVE-2025-68432 | Zed IDE LSP Binary Configuration Arbitrary Code Execution CWE-77 | 7.8 | High | 2025-12-17 |
| CVE-2025-55012 | Zed AI Agent Remote Code Execution CWE-288 | 8.4AI | HighAI | 2025-08-11 |
All 7 known CVE vulnerabilities affecting zed with full Chinese analysis, references, and POCs where available.