vim: Fix of CVE-2026-46483

🗓️ 29 May 2026 15:17:26Reported by CloudLinuxType

cloudlinux

cloudlinux🔗 repo.cloudlinux.com👁 9 Views

Vim fixes CVE-2026-46483 by correcting shellescape in tar#Vimuntar() to stop injection from tarball names.

Reporter	Title	Published	Views	Family All 76
ATTACKERKB	CVE-2026-46483	15 May 202614:57	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2026-1862)	22 Jun 202600:00	–	nessus
Tenable Nessus	Fedora 43 : vim (2026-75b5ddf8c3)	3 Jun 202600:00	–	nessus
Tenable Nessus	openSUSE 16 Security Update : vim (openSUSE-SU-2026:20828-1)	1 Jun 202600:00	–	nessus
Tenable Nessus	RHEL 9 : vim (RHSA-2026:28049)	22 Jun 202600:00	–	nessus
Tenable Nessus	RHEL 9 : vim (RHSA-2026:28050)	22 Jun 202600:00	–	nessus
Tenable Nessus	RHEL 9 : vim (RHSA-2026:28133)	23 Jun 202600:00	–	nessus
Tenable Nessus	SUSE SLES16 Security Update : vim (SUSE-SU-2026:21859-1)	2 Jun 202600:00	–	nessus
Tenable Nessus	SUSE SLES15 Security Update : vim (SUSE-SU-2026:2313-1)	14 Jun 202600:00	–	nessus
Tenable Nessus	TencentOS Server 4: vim (TSSA-2026:0347)	15 Jun 202600:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Centos	6	x86_64	vim-x11	7.4.629	vim-7.4.629-5.2.el6.tuxcare.els52.src.rpm
Centos	6	x86_64	vim-common	7.4.629	vim-7.4.629-5.2.el6.tuxcare.els52.src.rpm
Centos	6	x86_64	vim-enhanced	7.4.629	vim-7.4.629-5.2.el6.tuxcare.els52.src.rpm
Centos	6	x86_64	vim-filesystem	7.4.629	vim-7.4.629-5.2.el6.tuxcare.els52.src.rpm
Centos	6	x86_64	vim-minimal	7.4.629	vim-7.4.629-5.2.el6.tuxcare.els52.src.rpm

29 May 2026 15:17Current

5.4Medium risk

Vulners AI Score5.4

CVSS 3.13.6 - 7

EPSS0.00552

SSVC

vim vulnerability fix tar plugin shellescape usage vimuntar function command injection tarball names