vim: arbitrary command execution via modeline sandbox bypass

A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the complete, guitabtooltip, printheader options and the mapset function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution...

EulerOS 2.0 SP11 : vim (EulerOS-SA-2026-2232)

According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-sty...

EulerOS 2.0 SP11 : vim (EulerOS-SA-2026-2269)

According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-sty...

CentOS 9 : vim-8.2.2637-31.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the vim-8.2.2637-31.el9 build changelog. - arbitrary command execution via modeline sandbox bypass CVE-2026-34982 Note that Nessus has not tested for this issue but has instead relied only ...

vim security update

An update is available for vim. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Vim Vi IMproved is an updated and improved version of the vi editor. Security...

Important: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

Important: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

ALSA-2026:19073 Important: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: arbitrary command execution via modeline sandbox bypass CVE-2026-34982 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...

RHEL 9 : vim (RHSA-2026:19224)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19224 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: arbitrary command execution via modeline sandbox bypass...

RHEL 10 : vim (RHSA-2026:19073)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19073 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: arbitrary command execution via modeline sandbox bypass...

ALSA-2026:19224 Important: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: arbitrary command execution via modeline sandbox bypass CVE-2026-34982 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: vim (UTSA-2026-021495)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021495 advisory. Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens ...

Alibaba Cloud Linux 3 : 0107: vim (ALINUX3-SA-2026:0107)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0107 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-34982: Vim is an open source, command line...

CLSA-2026-1778856286 vim: Fix of CVE-2026-34982

CVE-2026-34982: fix vim modeline sandbox bypass via complete/guitabtooltip/printheader options and mapset...

vim security update

An update is available for vim. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Vim Vi IMproved is an updated and improved version of the vi editor. Security...

vim security update

An update is available for vim. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Vim Vi IMproved is an updated and improved version of the vi editor. Security...

Important: vim

Issue Overview: A modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The complete, guitabtooltip and printheader options are missing the PMLE flag, allowing a modeline to be executed. Additionally, the mapset function lacks a checksecure call,...

Amazon Linux 2 : vim, --advisory ALAS2-2026-3251 (ALAS-2026-3251)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3251 advisory. A modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The complete, guitabtooltip and printheader options are missing the PMLE flag, allowing a modeline ...

AlmaLinux 8 : vim (ALSA-2026:11509)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:11509 advisory. vim: arbitrary command execution via modeline sandbox bypass CVE-2026-34982 Tenable has extracted the preceding description block directly from the AlmaLinux...

Important: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...