CVE-2026-34982

A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the complete, guitabtooltip, printheader options and the mapset function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution...

Updated vim packages fix security vulnerabilities

Vim modeline bypass via various options affects Vim 9.2.0276. CVE-2026-34982 Path traversal issue with zip.vim in Vim v9.2.0280. CVE-2026-35177...

MGASA-2026-0083 Updated vim packages fix security vulnerabilities

Vim modeline bypass via various options affects Vim 9.2.0276. CVE-2026-34982 Path traversal issue with zip.vim in Vim v9.2.0280. CVE-2026-35177...

ALPINE-CVE-2026-34982

Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The complete, guitabtooltip and printheader options are missing the PMLE flag, allowing a modeline to be executed...

CVE-2026-34982

Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The complete, guitabtooltip and printheader options are missing the PMLE flag, allowing a modeline to be executed...

UBUNTU-CVE-2026-34982

Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The complete, guitabtooltip and printheader options are missing the PMLE flag, allowing a modeline to be executed...

CVE-2026-34982

Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The complete, guitabtooltip and printheader options are missing the PMLE flag, allowing a modeline to be executed...

CVE-2026-34982

CVE-2026-34982 is a Vim modeline sandbox bypass. Prior to Vim 9.2.0276, a crafted file can trigger arbitrary OS command execution due to a modeline vulnerability. The issue arises because the complete, guitabtooltip and printheader options miss the P_MLE flag, allowing a modeline to be executed, ...

CVE-2026-34982 Vim modeline bypass via various options affects Vim < 9.2.0276

Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The complete, guitabtooltip and printheader options are missing the PMLE flag, allowing a modeline to be executed...

EUVD-2026-19313

Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The complete, guitabtooltip and printheader options are missing the PMLE flag, allowing a modeline to be executed...

CVE-2026-34982

Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The complete, guitabtooltip and printheader options are missing the PMLE flag, allowing a modeline to be executed...

CVE-2026-34982 Vim modeline bypass via various options affects Vim < 9.2.0276

Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The complete, guitabtooltip and printheader options are missing the PMLE flag, allowing a modeline to be executed...

Vim < 9.2.0276 OS Command Injection (GHSA-8h6p-m6gr-mpw9)

The version of Vim installed on the remote host is prior to 9.2.0276. It is, therefore, affected by a vulnerability as referenced in the GHSA-8h6p-m6gr-mpw9 advisory. - A modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The complete,...

Updated vim packages fix security vulnerability

Vim tabpanel modeline escape affects Vim 9.2.0272...

MGASA-2026-0077 Updated vim packages fix security vulnerability

Vim tabpanel modeline escape affects Vim 9.2.0272...

NewStart CGSL MAIN 6.06 (SP) : vim Vulnerability (NS-SA-2026-0010)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has vim packages installed that are affected by a vulnerability: - getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated...

MiracleLinux 7 : vim-7.4.160-1.el7.1 (AXSA:2016-1205:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-1205:01 advisory. VIM VIsual editor iMproved is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular...

MiracleLinux 4 : vim-7.4.629-5.AXS4.1 (AXSA:2016-1206:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-1206:01 advisory. VIM VIsual editor iMproved is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular...

MiracleLinux 7 : vim-7.4.160-6.el7 (AXSA:2019-3915:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-3915:02 advisory. vim/neovim: ':source!' command allows arbitrary command execution via modelines CVE-2019-12735 Tenable has extracted the preceding description block directly...

EUVD-2004-1136

Malware in sbrugna...