Cyber Resilience

CVE-2026-27976

Severity: High · Public PoC

Published: 26 February 2026

Modified: 05 March 2026
KEV Added: not listed
Patch: Zed 0.224.4
CVSS v3.1 Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0049 (38.3rd percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-27976 is a high-severity UNIX Symbolic Link (Symlink) Following (CWE-61) vulnerability in the Zed code editor (vendor Zed, product Zed). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE is ranked at the 38.3rd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-11 (User-installed Software) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-27976 is a symlink following vulnerability (CWE-61) in the Zed code editor's extension installer, affecting versions prior to 0.224.4. The issue stems from the tar extractor (`async_tar::Archive::unpack`) creating symlinks from tar/gzip archives without validation, combined with the path guard (`writeable_path_from_extension`) performing only lexical prefix checks without resolving symlinks. This allows malicious archives downloaded during extension installation to bypass sandboxing restrictions.

An attacker can exploit this remotely over the network with no privileges by crafting a tar archive for a malicious extension. The archive first creates a symlink within the extension workdir pointing to an arbitrary host path (e.g., `escape -> /`), followed by files written through that symlink, enabling arbitrary file writes outside the sandbox and potential code execution on the host. Exploitation requires user interaction to install the extension, as indicated by the CVSS v3.1 score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

Zed version 0.224.4 patches the vulnerability by addressing the symlink handling in the extractor and path validation. Additional details are available in the GitHub Security Advisory at https://github.com/zed-industries/zed/security/advisories/GHSA-59p4-3mhm-qm3r.

Vulnerability details

Zed, a code editor, has an extension installer that allows tar/gzip downloads. Prior to version 0.224.4, the tar extractor (`async_tar::Archive::unpack`) creates symlinks from the archive without validation, and the path guard (`writeable_path_from_extension`) only performs lexical prefix checks without resolving symlinks. An attacker can ship a tar that first creates a symlink inside the extension workdir pointing outside (e.g., `escape -> /`), then writes files through the symlink, causing writes to arbitrary host paths. This escapes the extension sandbox and enables code execution. Version 0.224.4 patches the issue.
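The two checks described in the Deeper analysis and Vulnerability details sections, as an added illustration that is not Zed's code and not the patched `writeable_path_from_extension`: a lexical prefix test that still passes for a path routed through a planted symlink, beside a guard that refuses symlink entries and walks the destination path on disk. `Entry`, `lexical_guard` and `guarded_dest` are names assumed here for a constructed archive model.

```rust
use std::fs;
use std::io;
use std::path::{Component, Path, PathBuf};

/// One entry of a constructed extension archive (stand-in for a tar header).
#[derive(Debug, Clone)]
pub enum Entry {
    File { path: String, data: Vec<u8> },
    Symlink { path: String, target: String },
}

fn denied(msg: &str) -> io::Error {
    io::Error::new(io::ErrorKind::PermissionDenied, msg.to_string())
}

/// The weak check the advisory describes: a string prefix test on the joined
/// path. "escape/x" still starts with workdir even when "escape" is a symlink.
pub fn lexical_guard(workdir: &Path, rel: &str) -> bool {
    workdir.join(rel).starts_with(workdir)
}

/// Hardened check: refuse symlink entries outright, then walk the destination
/// path component by component on disk so no existing symlink can redirect it.
pub fn guarded_dest(workdir: &Path, entry: &Entry) -> io::Result<PathBuf> {
    let rel = match entry {
        Entry::Symlink { .. } => return Err(denied("symlink entries are refused")),
        Entry::File { path, .. } => Path::new(path),
    };
    let comps: Vec<Component> = rel.components().collect();
    // Lexical pass: only plain names, so no absolute paths and no "..".
    if comps.is_empty() || !comps.iter().all(|c| matches!(c, Component::Normal(_))) {
        return Err(denied("rejected path component"));
    }
    // Physical pass: every intermediate directory must be a real directory.
    let mut cur = workdir.to_path_buf();
    for c in &comps[..comps.len() - 1] {
        cur.push(c);
        match fs::symlink_metadata(&cur) {
            Ok(m) if m.file_type().is_dir() => {}
            Ok(_) => return Err(denied("path passes through a symlink or file")),
            Err(_) => fs::create_dir(&cur)?,
        }
    }
    cur.push(comps[comps.len() - 1]);
    if fs::symlink_metadata(&cur).map(|m| m.file_type().is_symlink()).unwrap_or(false) {
        return Err(denied("destination is a symlink"));
    }
    Ok(cur)
}
```

The caller writes the file only to the path `guarded_dest` returns; an `Err` means the entry is dropped and the install aborted.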

MITRE ATT&CK Enterprise Techniques [AI]

T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Symlink validation bypass in extension tar unpacker enables arbitrary file write/RCE when user installs attacker-crafted malicious extension archive (direct match to malicious file execution with UI:R).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-44465 (same product: Zed Zed)
CVE-2026-44463 (same product: Zed Zed)
CVE-2026-44461 (same product: Zed Zed)
CVE-2026-44466 (same product: Zed Zed)
CVE-2026-27800 (same product: Zed Zed)
CVE-2026-25805 (same product: Zed Zed)
CVE-2026-27967 (same product: Zed Zed)
CVE-2025-55345 (shared CWE-61)
CVE-2026-23986 (shared CWE-61)
CVE-2026-7819 (shared CWE-61)

Affected Assets

zed (vendor) / zed (product): ≤ 0.224.4

Mitigating Controls (NIST 800-53 r5) [AI]

SI-10 (Information Input Validation), prevent: Requires validation of tar/gzip archive inputs to prevent malicious symlinks from bypassing path guards during extension unpacking.

CM-11 (User-installed Software), prevent: Restricts and scans user-installed software like Zed extensions to block installation of malicious tar archives exploiting symlink vulnerabilities.

SI-2 (Flaw Remediation), prevent: Mandates timely flaw remediation by applying patches such as Zed version 0.224.4 to fix the symlink handling and path validation issues.