CVE-2026-27976 | zed-industries zed up to 0.224.3 unpack symlink (GHSA-59p4-3mhm-qm3r)

February 26, 2026 Yanac

A vulnerability, which was classified as critical, was found in zed-industries zed up to 0.224.3. Affected is the function async_tar::Archive::unpack. The manipulation results in symlink following.

This vulnerability is cataloged as CVE-2026-27976. The attack may be launched remotely. There is no exploit available.

You should upgrade the affected component.VulDB Recent EntriesRead More