CVE-2026-44465

Source
https://cve.org/CVERecord?id=CVE-2026-44465
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-44465.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-44465
Aliases
  • GHSA-fj2r-rmw6-h222
Downstream
Published
2026-05-28T16:10:58.198Z
Modified
2026-07-08T08:13:27.522780313Z
Severity
  • 8.6 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
Summary
Zed: Zed IDE Arbitrary Code Execution via untrusted repository with poisoned .git/config
Details

Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution (RCE) when a victim open a folder in untrusted mode. This vulnerability is fixed in 0.227.1.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/44xxx/CVE-2026-44465.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-78"
    ]
}
References

Affected packages

Git / github.com/zed-industries/zed

Affected ranges

Type
GIT
Repo
https://github.com/zed-industries/zed
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "cpe": "cpe:2.3:a:zed:zed:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.227.1"
        }
    ]
}

Affected versions

Other
benchmark-m4
collab-production
collab-staging
extension-cli
extension-workflows
nightly
vConradTest
collab-v0.*
collab-v0.10.0
collab-v0.11.0
collab-v0.12.0
collab-v0.12.1
collab-v0.12.4
collab-v0.12.5
collab-v0.13.0
collab-v0.13.1
collab-v0.14.0
collab-v0.14.1
collab-v0.14.2
collab-v0.15.0
collab-v0.16.0
collab-v0.17.0
collab-v0.18.0
collab-v0.19.0
collab-v0.2.0
collab-v0.2.1
collab-v0.2.2
collab-v0.2.3
collab-v0.2.4
collab-v0.2.5
collab-v0.20.0
collab-v0.21.0
collab-v0.22.0
collab-v0.22.1
collab-v0.23.0
collab-v0.23.1
collab-v0.23.2
collab-v0.23.3
collab-v0.24.0
collab-v0.25.0
collab-v0.26.0
collab-v0.27.0
collab-v0.29.0
collab-v0.29.1
collab-v0.3.0
collab-v0.3.1
collab-v0.3.3
collab-v0.3.4
collab-v0.30.0
collab-v0.30.1
collab-v0.31.0
collab-v0.32.0
collab-v0.33.0
collab-v0.34.0
collab-v0.35.0
collab-v0.36.0
collab-v0.36.1
collab-v0.37.0
collab-v0.38.0
collab-v0.39.0
collab-v0.4.0
collab-v0.4.1
collab-v0.4.2
collab-v0.40.0
collab-v0.40.1
collab-v0.41.0
collab-v0.42.0
collab-v0.42.1
collab-v0.43.0
collab-v0.44.0
collab-v0.5.0
collab-v0.5.1
collab-v0.5.2
collab-v0.5.3
collab-v0.5.4
collab-v0.6.0
collab-v0.6.1
collab-v0.6.2
collab-v0.7.0
collab-v0.7.1
collab-v0.7.2
collab-v0.8.0
collab-v0.8.1
collab-v0.8.2
collab-v0.8.3
collab-v0.9.0
v0.*
v0.1
v0.10
v0.10.1
v0.11
v0.11.0
v0.12
v0.13
v0.13.1
v0.14
v0.14.1
v0.15.0
v0.15.1
v0.15.2
v0.16.0
v0.17.0
v0.18.0
v0.18.1
v0.19.0
v0.2
v0.2.1
v0.2.2
v0.20
v0.20.0
v0.21.0
v0.22.0
v0.227.0-pre
v0.23.0
v0.24.0
v0.24.1
v0.25.0
v0.26.0
v0.27.0
v0.28.0
v0.28.1
v0.29.0
v0.3
v0.3.1
v0.30.0
v0.31.0
v0.32.0
v0.33.0
v0.34.0
v0.35.0
v0.36.0
v0.36.1
v0.37.0
v0.38.0
v0.39.0
v0.4
v0.40.0
v0.41.0
v0.42.0
v0.43.0
v0.44.0
v0.44.1
v0.45.0
v0.46.0
v0.47.0
v0.47.1
v0.48.0
v0.48.1
v0.49.0
v0.49.1
v0.5
v0.51.0
v0.51.1
v0.52.0
v0.53.0
v0.53.1
v0.54.0
v0.54.1
v0.55.0
v0.56.0
v0.57.0
v0.58.0
v0.59.0
v0.6
v0.60.0
v0.60.1
v0.60.2
v0.60.3
v0.60.4
v0.61.0
v0.7
v0.8.0
v0.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-44465.json"