CVE-2026-25805
Published: 10 February 2026
Summary
CVE-2026-25805 is a medium-severity "Product UI does not Warn User of Unsafe Actions" (CWE-356) vulnerability in the Zed code editor. Its CVSS base score is 6.4 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059). It ranks at the 20.9th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AU-3 (Content of Audit Records).
Deeper analysis
CVE-2026-25805 affects Zed, a multiplayer code editor, in versions prior to 0.219.4. The vulnerability stems from the application's failure to display the parameters used when invoking tools, both at the time of requesting user allowance and afterward. This lack of visibility (classified under CWE-356) enables potentially unwanted or malicious parameter values to be executed without user awareness. The issue carries a CVSS v3.1 base score of 6.4 (AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Exploitation requires network access, high privileges (such as those held by a collaborator in a multiplayer session), high attack complexity, and user interaction in the form of granting permission to the tool invocation. An attacker could craft a tool call with malicious parameters, tricking the user into approving it unknowingly, potentially leading to high-impact confidentiality, integrity, and availability violations on the victim's system.
The Zed project patched this in version 0.219.4 by adding expandable details for tool calls, enabling users to inspect parameters before and after invocation. Additional details are available in the GitHub Security Advisory at https://github.com/zed-industries/zed/security/advisories/GHSA-f2g4-87h6-4pxq.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-6755
Vulnerability details
Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show with which parameters a tool is being invoked when asking for allowance. Furthermore, it does not show, after the tool was invoked, which parameters were used. Thus, maybe unwanted or even malicious values could be used without the user having a chance to notice it. Patched in Zed Editor 0.219.4, which includes expandable tool call details.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
UI omission of tool parameters (CWE-356) directly enables a collaborator (valid account) to obtain user approval for hidden malicious parameters, resulting in execution via the editor's tool/command interpreter (T1059) after user interaction (T1204).
Mitigating Controls (NIST 800-53 r5)
AC-3 (Access Enforcement): requires the system to enforce access decisions for tool invocations only after the user has been shown, and can review, the exact parameters being supplied.
AU-3 (Content of Audit Records): mandates that audit records capture the full content of each tool invocation, including all parameters, so post-invocation review can reveal malicious values.
Ensures access-control decisions are made against complete, accurate information (parameters) rather than opaque requests.
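The two controls above, and the "expandable tool call details" fix described in the deeper analysis, reduce to one design rule: the user must see every parameter, the grant must be bound to exactly what was shown, and the audit trail must record the full call. The Rust below is an added illustration of that pattern, written for this page; it is not Zed's code, and `ToolCall`, `Approval`, `AuditRecord` and the sample inputs are constructed for the example. The `decide` closure stands in for the approval UI.

```rust
// Added example (not Zed's code): an approval gate that shows every tool
// parameter, binds the user's grant to exactly what was shown, and writes a
// full audit record for each invocation. All names and inputs are constructed.
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};

/// A tool invocation requested by an agent or collaborator (constructed type).
#[derive(Debug, Clone, PartialEq, Eq, Hash)]
pub struct ToolCall {
    pub tool: String,
    /// Ordered (name, value) pairs so the rendering and fingerprint are stable.
    pub params: Vec<(String, String)>,
}

/// Render the complete call for the user; nothing is hidden or truncated.
pub fn render_for_approval(call: &ToolCall) -> String {
    let mut out = format!("Tool `{}` requests permission with parameters:\n", call.tool);
    if call.params.is_empty() {
        out.push_str("  (no parameters)\n");
    }
    for (name, value) in &call.params {
        // {:?} escapes newlines and control characters so a value cannot
        // visually spoof a second, harmless-looking parameter line.
        out.push_str(&format!("  {} = {:?}\n", name, value));
    }
    out
}

/// Fingerprint of the exact call; the grant is bound to this, not to the tool name.
pub fn fingerprint(call: &ToolCall) -> u64 {
    let mut hasher = DefaultHasher::new();
    call.hash(&mut hasher);
    hasher.finish()
}

/// Proof that the user approved one specific rendered call.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Approval {
    fingerprint: u64,
}

/// Show the full call and ask for a decision; `decide` stands in for the UI.
pub fn request_approval(call: &ToolCall, decide: impl Fn(&str) -> bool) -> Option<Approval> {
    let shown = render_for_approval(call);
    if decide(&shown) {
        Some(Approval { fingerprint: fingerprint(call) })
    } else {
        None
    }
}

/// Audit record carrying the full parameter list (AU-3: content, not just a tool name).
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct AuditRecord {
    pub tool: String,
    pub params: Vec<(String, String)>,
    pub outcome: String,
}

/// Access enforcement (AC-3): run only if the call still matches what was approved.
pub fn invoke(
    call: &ToolCall,
    approval: Approval,
    audit: &mut Vec<AuditRecord>,
    run: impl Fn(&ToolCall) -> String,
) -> Result<String, String> {
    let record = |outcome: String| AuditRecord {
        tool: call.tool.clone(),
        params: call.params.clone(),
        outcome,
    };
    if approval.fingerprint != fingerprint(call) {
        // Parameters changed between display and execution: refuse, but still audit.
        audit.push(record("rejected: parameters differ from the approved call".to_string()));
        return Err("parameters changed after approval".to_string());
    }
    let result = run(call);
    audit.push(record(format!("executed: {}", result)));
    Ok(result)
}

fn main() {
    let call = ToolCall {
        tool: "terminal".to_string(),
        params: vec![("command".to_string(), "cargo test".to_string())],
    };
    // Stand-in for the user reading the prompt and clicking "Allow".
    let approval = request_approval(&call, |shown| { println!("{shown}"); true }).unwrap();
    let mut audit = Vec::new();
    println!("{:?}", invoke(&call, approval, &mut audit, |c| format!("ran {}", c.params[0].1)));
    // A call whose parameter changed after approval is refused and still audited.
    let swapped = ToolCall { tool: "terminal".to_string(), params: vec![("command".to_string(), "echo changed".to_string())] };
    println!("{:?}", invoke(&swapped, approval, &mut audit, |_| String::new()));
    for r in &audit {
        println!("audit: {} {:?} -> {}", r.tool, r.params, r.outcome);
    }
}
```

The binding of `Approval` to a fingerprint of the whole call is what closes the gap the advisory describes: an approval obtained on one set of parameters cannot be reused for a call whose parameters differ, and every attempt, accepted or refused, leaves a record with the full parameter values available for later review.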