Threats Tagged 'cve-2026-27976'
View all threats tagged with 'cve-2026-27976'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-27976'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-27976: CWE-61: UNIX Symbolic Link (Symlink) Following in zed-industries zedCVE-2026-27976 0 Zed, a code editor, has an extension installer allows tar/gzip downloads. Prior to version 0.224.4, the tar extractor (`async_tar::Archive::unpack`) creates symlinks from the archive without validation, and the path guard (`writeable_path_from_extension`) only performs lexical prefix checks without resolving symlinks. An attacker can ship a tar that first creates a symlink inside the extension workdir pointing outside (e.g., `escape -> /`), then writes files through the symlink, causing writes to arbitrary host paths. This escapes the extension sandbox and enables code execution. Version 0.224.4 patches the issue. Join the discussion | CVE Database V5 | 02/25/2026, 23:34:40 UTC Added: 02/25/2026, 23:56:31 UTC |
Showing 1 to 1 of 1 result