CVE-2026-27967 - Symlink Escape in Agent File Tools

CVE ID : CVE-2026-27967 Published : Feb. 26, 2026, 12:16 a.m. | 47 minutes ago Description : Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools (`read_file`, `edit_file`). It allows reading and writing files **outside the project directory** when a project contains symbolic links pointing to external paths. This bypasses the intended workspace boundary and privacy protections (`file_scan_exclusions`, `private_files`), potentially leaking sensitive user data to the LLM. Version 0.225.9 fixes the issue. Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...