CVE
CVE-2026-27800
Zed has Zip Slip Path Traversal in Extension Archive Extraction
Zed, a code editor, has a Zip Slip (Path Traversal) vulnerability exists in its extension archive extraction functionality prior to version 0.224.4. The extract_zip() function in crates/util/src/archive.rs fails to validate ZIP entry filenames for path traversal sequences (e.g., ../). This allows a malicious extension to write files outside its designated sandbox directory by downloading and extracting a crafted ZIP archive. Version 0.224.4 fixes the issue.
Package Versions Affected
Package Version
patch Availability
No items found.
Automatically patch vulnerabilities without upgrading
Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request
CVSS Version
Severity
Base Score
CVSS Version
Score Vector
C
H
U
7.4
-
3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
C
H
U
0
-
3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
C
H
U
-
Related Resources
No items found.
References
https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/27xxx/CVE-2026-27800.json, https://github.com/zed-industries/zed/security/advisories/GHSA-v385-xh3h-rrfr, https://nvd.nist.gov/vuln/detail/CVE-2026-27800
Basic Information
Ecosystem
