Detections
Analytics

Zed < 0.224.4 Multiple Path Traversal Vulnerabilities

high Nessus Plugin ID 300838

Language:

Synopsis

A code editor installed on the remote host is affected by multiple path traversal vulnerabilities.

Description

The version of Zed installed on the remote host is prior to 0.224.4. It is, therefore, affected by multiple vulnerabilities:

 - A Zip Slip path traversal vulnerability exists in the extension archive extraction functionality. The extract_zip() function fails to validate ZIP entry filenames for path traversal sequences, allowing a malicious extension to write files outside its designated sandbox directory by downloading and extracting a crafted ZIP archive.
 (CVE-2026-27800)

 - A path traversal vulnerability exists in the extension installer tar extractor. The tar extractor creates symlinks from the archive without validation, and the path guard only performs lexical prefix checks without resolving symlinks. An attacker can ship a tar that creates a symlink inside the extension workdir pointing outside, then writes files through the symlink, causing writes to arbitrary host paths. This escapes the extension sandbox and enables code execution. (CVE-2026-27976)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Zed version 0.224.4 or later.

See Also

http://www.nessus.org/u?40dcf12c

http://www.nessus.org/u?1364719b

Plugin Details

Severity: High

ID: 300838

File Name: zed_0_224_4.nasl

Version: 1.3

Type: local

Agent: windows, macosx, unix

Published: 3/5/2026

Updated: 3/16/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-27976

CVSS v3

Risk Factor: High

Base Score: 7.4

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2026-27800

Vulnerability Information

CPE: cpe:/a:zed:zed

Required KB Items: installed_sw/Zed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/25/2026

Vulnerability Publication Date: 2/25/2026

Reference Information

CVE: CVE-2026-27800, CVE-2026-27976