CVE-2026-27800

Zed, a code editor, has a Zip Slip (Path Traversal) vulnerability exists in its extension archive extraction functionality prior to version 0.224.4. The `extract_zip()` function in `crates/util/src/archive.rs` fails to validate ZIP entry filenames for path traversal sequences (e.g., `../`). This allows a malicious extension to write files outside its designated sandbox directory by downloading and extracting a crafted ZIP archive. Version 0.224.4 fixes the issue.

CVSS v3 7.4 HIGH

7.4^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/zed-industries/zed/security/advisories/GHSA-v385-xh3h-rrfr	Vendor Advisory Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:zed:zed:*:*:*:*:*:*:*:*

History

04 Mar 2026, 03:16

Type	Values Removed	Values Added
CPE		cpe:2.3:a:zed:zed::::::::
First Time		Zed zed Zed
References	~~() https://github.com/zed-industries/zed/security/advisories/GHSA-v385-xh3h-rrfr -~~	() https://github.com/zed-industries/zed/security/advisories/GHSA-v385-xh3h-rrfr - Vendor Advisory, Exploit

27 Feb 2026, 14:06

Type	Values Removed	Values Added
Summary		(es) Zed, un editor de código, presenta una vulnerabilidad de Zip Slip (salto de ruta) en su funcionalidad de extracción de archivos de extensión anterior a la versión 0.224.4. La función 'extract_zip()' en 'crates/util/src/archive.rs' no valida los nombres de archivo de las entradas ZIP en busca de secuencias de salto de ruta (por ejemplo, '../'). Esto permite que una extensión maliciosa escriba archivos fuera de su directorio sandbox designado al descargar y extraer un archivo ZIP manipulado. La versión 0.224.4 soluciona el problema.

26 Feb 2026, 00:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-26 00:16

Updated : 2026-03-04 03:16

NVD link : CVE-2026-27800

Mitre link : CVE-2026-27800

CVE.ORG link : CVE-2026-27800

JSON object : View

Products Affected

zed

zed

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2026-27800", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.8}]}, "published": "2026-02-26T00:16:25.590", "references": [{"url": "https://github.com/zed-industries/zed/security/advisories/GHSA-v385-xh3h-rrfr", "tags": ["Vendor Advisory", "Exploit"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Zed, a code editor, has a Zip Slip (Path Traversal) vulnerability exists in its extension archive extraction functionality prior to version 0.224.4. The `extract_zip()` function in `crates/util/src/archive.rs` fails to validate ZIP entry filenames for path traversal sequences (e.g., `../`). This allows a malicious extension to write files outside its designated sandbox directory by downloading and extracting a crafted ZIP archive. Version 0.224.4 fixes the issue."}, {"lang": "es", "value": "Zed, un editor de c\u00f3digo, presenta una vulnerabilidad de Zip Slip (salto de ruta) en su funcionalidad de extracci\u00f3n de archivos de extensi\u00f3n anterior a la versi\u00f3n 0.224.4. La funci\u00f3n 'extract_zip()' en 'crates/util/src/archive.rs' no valida los nombres de archivo de las entradas ZIP en busca de secuencias de salto de ruta (por ejemplo, '../'). Esto permite que una extensi\u00f3n maliciosa escriba archivos fuera de su directorio sandbox designado al descargar y extraer un archivo ZIP manipulado. La versi\u00f3n 0.224.4 soluciona el problema."}], "lastModified": "2026-03-04T03:16:37.217", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zed:zed:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63C50DD7-F03F-4305-94DE-F5BFF201BA6A", "versionEndExcluding": "0.224.4"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}