CVE-2026-27967: CWE-59: Improper Link Resolution Before File Access ('Link Following') in zed-industries zed
CVE-2026-27967 is a high-severity symlink escape vulnerability in the zed code editor in versions prior to 0.225.9. It affects the Agent file tools (`read_file`, `edit_file`) by allowing attackers to read and write files outside the intended project directory when symbolic links point to external paths. This bypasses workspace boundary protections and privacy settings, potentially exposing sensitive user data to the integrated large language model (LLM). Exploitation requires local access and user interaction but no privileges. The vulnerability does not impact availability but has high confidentiality and integrity impacts. Version 0.225.9 fixes this issue.
AI Analysis
Technical Summary
CVE-2026-27967 is a vulnerability classified under CWE-59 (Improper Link Resolution Before File Access) affecting the zed code editor prior to version 0.225.9. The flaw exists in the Agent file tools, specifically the `read_file` and `edit_file` functions, which fail to properly validate symbolic links within project directories. When a project contains symbolic links that point to files or directories outside the project workspace, these functions follow the links and access external files. This behavior circumvents the intended workspace boundary enforcement and privacy mechanisms such as `file_scan_exclusions` and `private_files`. As a result, sensitive files outside the project scope can be read or modified, potentially leaking confidential user data to the integrated large language model (LLM) or allowing unauthorized file modifications. The vulnerability requires local attacker presence with the ability to create or manipulate project files containing symlinks and some user interaction to trigger the file operations. The CVSS 3.1 base score is 7.1 (High), reflecting the vulnerability's significant confidentiality and integrity impact but limited attack vector (local) and requirement for user interaction. No known exploits in the wild have been reported yet. The issue was addressed in zed version 0.225.9 by implementing proper symlink resolution checks to ensure file accesses remain confined within the project directory boundaries.
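The core of the fix described above is that a workspace boundary and privacy check must be evaluated on the path as it is after symlinks have been followed, not on the name the tool was asked for. The block below is an added example written for this page, not zed's own code: it resolves a requested path against a project root with `std::fs::canonicalize`, tolerates a target file that does not exist yet (the write-a-new-file case), and only then applies an outside-workspace check and a simplified private-file filter. The tree it builds (`project/leak`, `project/notes.txt`, `outside/secret.txt`, the `*.pem`/`.env` patterns) is constructed for the demonstration, and the pattern matcher is a deliberately small stand-in for a real glob engine. It assumes a Unix host for `std::os::unix::fs::symlink`.

```rust
// Added example (not zed's code): a workspace boundary check for agent file
// tools that follows symlinks before deciding whether access is allowed.
// Assumes a Unix host (std::os::unix::fs::symlink) and a writable temp dir.
use std::fs;
use std::io;
use std::path::{Path, PathBuf};

/// Why an access request was refused.
#[derive(Debug, PartialEq)]
pub enum AccessError {
    /// After following symlinks the target lies outside the project root.
    OutsideWorkspace(PathBuf),
    /// After following symlinks the target matches a private-file pattern.
    PrivateFile(PathBuf),
    /// Filesystem error (missing parent directory, permission denied, ...).
    Io(String),
}

impl From<io::Error> for AccessError {
    fn from(e: io::Error) -> Self {
        AccessError::Io(e.to_string())
    }
}

/// Hypothetical private-file pattern: an exact file name (".env") or a
/// "*.ext" suffix pattern ("*.pem"). A real editor uses full glob matching.
fn matches_private(name: &str, pattern: &str) -> bool {
    match pattern.strip_prefix('*') {
        Some(suffix) => name.ends_with(suffix),
        None => name == pattern,
    }
}

/// Canonicalize `path`, tolerating a final component that does not exist yet:
/// the parent must exist and is fully resolved, then the name is re-attached.
fn canonicalize_lenient(path: &Path) -> Result<PathBuf, AccessError> {
    match fs::canonicalize(path) {
        Ok(real) => Ok(real),
        Err(e) if e.kind() == io::ErrorKind::NotFound => {
            let parent = path.parent().ok_or_else(|| AccessError::Io("no parent".into()))?;
            let name = path.file_name().ok_or_else(|| AccessError::Io("no file name".into()))?;
            Ok(fs::canonicalize(parent)?.join(name))
        }
        Err(e) => Err(e.into()),
    }
}

/// Resolve `requested` (relative to `project_root` unless absolute) with all
/// symlinks followed, then enforce both policies on the *resolved* path.
/// Checking the requested name instead is the mistake a symlink escape exploits.
pub fn resolve_within_workspace(
    project_root: &Path,
    requested: &Path,
    private_files: &[&str],
) -> Result<PathBuf, AccessError> {
    let root = fs::canonicalize(project_root)?;
    let candidate = if requested.is_absolute() { requested.to_path_buf() } else { root.join(requested) };
    let real = canonicalize_lenient(&candidate)?;
    if !real.starts_with(&root) {
        return Err(AccessError::OutsideWorkspace(real));
    }
    let name = real.file_name().and_then(|n| n.to_str()).unwrap_or("");
    if private_files.iter().any(|p| matches_private(name, p)) {
        return Err(AccessError::PrivateFile(real));
    }
    Ok(real)
}

/// Build a constructed demo tree under `base` and return the project root:
///   base/outside/secret.txt                     (file outside the project)
///   base/project/src/main.rs, base/project/.env (ordinary and private files)
///   base/project/notes.txt -> .env              (symlink to a private file)
///   base/project/leak -> ../outside/secret.txt  (symlink escaping the root)
pub fn build_demo_tree(base: &Path) -> io::Result<PathBuf> {
    use std::os::unix::fs::symlink;
    let project = base.join("project");
    fs::create_dir_all(project.join("src"))?;
    fs::create_dir_all(base.join("outside"))?;
    fs::write(base.join("outside/secret.txt"), "constructed secret\n")?;
    fs::write(project.join("src/main.rs"), "fn main() {}\n")?;
    fs::write(project.join(".env"), "API_KEY=constructed\n")?;
    symlink(".env", project.join("notes.txt"))?;
    symlink("../outside/secret.txt", project.join("leak"))?;
    Ok(project)
}

fn main() -> io::Result<()> {
    let base = std::env::temp_dir().join(format!("symlink-escape-demo-{}", std::process::id()));
    let project = build_demo_tree(&base)?;
    let private = ["*.pem", ".env"];
    for req in ["src/main.rs", "src/new_file.rs", "notes.txt", "leak", "../outside/secret.txt"] {
        println!("{:>22} -> {:?}", req, resolve_within_workspace(&project, Path::new(req), &private));
    }
    fs::remove_dir_all(&base)
}
```

Two design points matter for a defender reviewing a tool like this: the private-file filter is applied to the resolved name, so `notes.txt -> .env` is still refused, and the not-yet-existing-file branch resolves the parent directory first, so a write cannot be steered outside the root through a symlinked directory either. An absolute `requested` path is accepted only if it canonicalizes to somewhere under the root.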
Potential Impact
The vulnerability allows unauthorized reading and writing of files outside the intended project workspace, which can lead to leakage of sensitive user data, including potentially private credentials, configuration files, or proprietary source code. This compromises confidentiality and integrity of user data managed within the zed editor environment. Organizations relying on zed for development or editing tasks may face data breaches or unauthorized modifications if attackers exploit this flaw. Since the vulnerability requires local access and user interaction, the risk is higher in environments where users may open untrusted projects or files containing malicious symlinks. The exposure of sensitive data to the LLM integrated with zed could also lead to unintended data disclosure or misuse. Although availability is not impacted, the breach of confidentiality and integrity can have severe consequences, including intellectual property theft, compliance violations, and erosion of user trust.
Mitigation Recommendations
1. Upgrade zed to version 0.225.9 or later immediately to apply the official fix that enforces proper symlink resolution and workspace boundary checks.
2. Audit existing project directories for symbolic links that point outside the project workspace and remove or replace unsafe symlinks.
3. Implement strict user policies to avoid opening projects or files from untrusted sources that may contain malicious symlinks.
4. Use file system monitoring tools to detect unusual file access patterns or modifications outside expected directories.
5. Limit local user permissions to reduce the ability to create or manipulate symlinks in sensitive environments.
6. Educate users about the risks of opening projects with external symlinks and encourage cautious handling of third-party code.
7. If feasible, isolate the zed editor environment using containerization or sandboxing to restrict file system access beyond the project directory.
8. Monitor for updates or advisories from zed-industries regarding any further related vulnerabilities.
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Japan, South Korea, Netherlands, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-02-25T03:24:57.793Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f8c2fb7ef31ef0b6c21ce
Added to database: 2/25/2026, 11:56:31 PM
Last enriched: 2/26/2026, 12:11:09 AM
Last updated: 2/26/2026, 2:55:37 AM