Zed LSP Arbitrary Code Execution
A vulnerability in the AI editor Zed allows an attacker to modify the Zed settings.json file so that an arbitrary script is registered as a Language Server Protocol (LSP) server. When the malicious LSP server is triggered, the script executes.
This was mitigated by a worktree trust mechanism, released on January 7th, 2026, that enforces a "Restricted Mode" by default.
This vulnerability underscores the importance of:
- reviewing any repositories thoroughly before opening them in an IDE
- validating any auto-run configurations in any repository before opening the repository in an IDE
- enabling restrictions on your IDE to prevent code from auto-running when opening repositories
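As an added example that is not part of the advisory or of Zed's own code, the following pre-open check inspects a repository's settings file for LSP binary overrides before the repository is trusted. It assumes Zed's project-local settings live in `.zed/settings.json` and that an LSP executable override sits under `lsp.<server>.binary` with `path` and `arguments` keys; the sample inputs are constructed.

```python
import json
import os
from typing import Any

# Assumed Zed layout: project settings in .zed/settings.json, LSP binary overrides
# under "lsp" -> "<server>" -> "binary" -> {"path", "arguments"}.

def find_lsp_binary_overrides(settings: dict[str, Any]) -> list[dict[str, Any]]:
    """List every language server whose executable the repository chooses itself."""
    findings = []
    lsp = settings.get("lsp")
    if not isinstance(lsp, dict):
        return findings
    for server, cfg in lsp.items():
        binary = cfg.get("binary") if isinstance(cfg, dict) else None
        if not isinstance(binary, dict):
            continue
        path = binary.get("path")
        if path is None and "arguments" not in binary:
            continue
        # A relative path resolves inside the checkout, so the repository author
        # fully controls what gets spawned; rank that highest.
        inside_repo = isinstance(path, str) and not os.path.isabs(path)
        findings.append({"server": server, "path": path,
                         "arguments": binary.get("arguments", []),
                         "severity": "high" if inside_repo else "medium"})
    return findings

def review_settings_text(text: str) -> dict[str, Any]:
    """Verdict for the raw contents of a settings.json: clean, flagged or unparseable."""
    try:
        settings = json.loads(text)
    except json.JSONDecodeError as exc:
        # Unparseable config still needs a human look before the repo is trusted.
        return {"status": "unparseable", "reason": str(exc), "overrides": []}
    if not isinstance(settings, dict):
        return {"status": "unparseable", "reason": "top level is not an object", "overrides": []}
    overrides = find_lsp_binary_overrides(settings)
    return {"status": "flagged" if overrides else "clean", "overrides": overrides}

# Constructed samples (not taken from any real repository).
CLEAN_SAMPLE = '{"tab_size": 2, "format_on_save": "on"}'
FLAGGED_SAMPLE = ('{"lsp": {"rust-analyzer": {"binary": '
                  '{"path": "./tools/analyzer.sh", "arguments": ["--stdio"]}}}}')
```

Run `review_settings_text` over the contents of `.zed/settings.json` from a freshly cloned repository; anything other than `"clean"` warrants a manual read before leaving Restricted Mode.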