ByteOS Network

CVE Vulnerability Details :

CVE-2026-27967

PUBLISHED

More Info Official Page

Assigner-GitHub_M

Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa

Published At-25 Feb, 2026 | 23:33

Updated At-28 Feb, 2026 | 04:55

▼CVE Numbering Authority (CNA)

Symlink Escape in Agent File Tools

Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools (`read_file`, `edit_file`). It allows reading and writing files **outside the project directory** when a project contains symbolic links pointing to external paths. This bypasses the intended workspace boundary and privacy protections (`file_scan_exclusions`, `private_files`), potentially leaking sensitive user data to the LLM. Version 0.225.9 fixes the issue.

Affected Products

Vendor

zed-industries

Product

zed

Versions

Affected

< 0.225.9

Problem Types

Type	CWE ID	Description
CWE	CWE-59	CWE-59: Improper Link Resolution Before File Access ('Link Following')

Type: CWE

CWE ID: CWE-59

Description: CWE-59: Improper Link Resolution Before File Access ('Link Following')

Metrics

Version	Base score	Base severity	Vector
3.1	7.1	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Version: 3.1

Base score: 7.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

References

Hyperlink	Resource
https://github.com/zed-industries/zed/security/advisories/GHSA-786m-x2vc-5235	x_refsource_CONFIRM

Hyperlink: https://github.com/zed-industries/zed/security/advisories/GHSA-786m-x2vc-5235

Resource:

x_refsource_CONFIRM

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References