CVE-2026-25805 - Vulnerability Details - OpenCVE

Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show with which parameters a tool is being invoked, when asking for allowance. Further it does not show after the tool was being invoked, which parameters were used. Thus, maybe unwanted or even malicious values could be used without the user having a chance to notice it. Patched in Zed Editor 0.219.4 which includes expandable tool call details.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation poc

Automatable no

Technical Impact total

No data.

No data.

No data.

No data.

References

Link	Providers
https://github.com/zed-industries/zed/security/advisories/GHSA-f2g4-87h6-4pxq

History

Tue, 10 Feb 2026 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 10 Feb 2026 17:45:00 +0000

Type	Values Removed	Values Added
Description		Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show with which parameters a tool is being invoked, when asking for allowance. Further it does not show after the tool was being invoked, which parameters were used. Thus, maybe unwanted or even malicious values could be used without the user having a chance to notice it. Patched in Zed Editor 0.219.4 which includes expandable tool call details.
Title		Zed does not show Parameter Values for MCP Tool Calls. Users cannot detect tool poisoning.
Weaknesses		CWE-356
References		https://github.com/zed-industries/zed/security/advisories/GHSA-f2g4-87h6-4pxq
Metrics		cvssV3_1 `{'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-02-10T17:27:49.390Z

Updated: 2026-02-10T19:20:11.990Z

Reserved: 2026-02-05T19:58:01.641Z

Link: CVE-2026-25805

Vulnrichment

Updated: 2026-02-10T19:20:02.772Z

NVD

Status : Received

Published: 2026-02-10T18:16:38.200

Modified: 2026-02-10T18:16:38.200

Link: CVE-2026-25805

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25805", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-05T19:58:01.641Z", "datePublished": "2026-02-10T17:27:49.390Z", "dateUpdated": "2026-02-10T19:20:11.990Z"}, "containers": {"cna": {"title": "Zed does not show Parameter Values for MCP Tool Calls. Users cannot detect tool poisoning.", "problemTypes": [{"descriptions": [{"cweId": "CWE-356", "lang": "en", "description": "CWE-356: Product UI does not Warn User of Unsafe Actions", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/zed-industries/zed/security/advisories/GHSA-f2g4-87h6-4pxq", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/zed-industries/zed/security/advisories/GHSA-f2g4-87h6-4pxq"}], "affected": [{"vendor": "zed-industries", "product": "zed", "versions": [{"version": "< 0.219.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-10T17:27:49.390Z"}, "descriptions": [{"lang": "en", "value": "Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show with which parameters a tool is being invoked, when asking for allowance. Further it does not show after the tool was being invoked, which parameters were used. Thus, maybe unwanted or even malicious values could be used without the user having a chance to notice it. Patched in Zed Editor 0.219.4 which includes expandable tool call details."}], "source": {"advisory": "GHSA-f2g4-87h6-4pxq", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-10T19:19:39.535300Z", "id": "CVE-2026-25805", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T19:20:11.990Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25805", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-10T19:19:39.535300Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T19:20:02.772Z"}}], "cna": {"title": "Zed does not show Parameter Values for MCP Tool Calls. Users cannot detect tool poisoning.", "source": {"advisory": "GHSA-f2g4-87h6-4pxq", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "zed-industries", "product": "zed", "versions": [{"status": "affected", "version": "< 0.219.4"}]}], "references": [{"url": "https://github.com/zed-industries/zed/security/advisories/GHSA-f2g4-87h6-4pxq", "name": "https://github.com/zed-industries/zed/security/advisories/GHSA-f2g4-87h6-4pxq", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show with which parameters a tool is being invoked, when asking for allowance. Further it does not show after the tool was being invoked, which parameters were used. Thus, maybe unwanted or even malicious values could be used without the user having a chance to notice it. Patched in Zed Editor 0.219.4 which includes expandable tool call details."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-356", "description": "CWE-356: Product UI does not Warn User of Unsafe Actions"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-10T17:27:49.390Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25805", "state": "PUBLISHED", "dateUpdated": "2026-02-10T19:20:11.990Z", "dateReserved": "2026-02-05T19:58:01.641Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-10T17:27:49.390Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}