USN-8451-1 vim vulnerabilities

Srinivas Piskala Ganesh Babu discovered that Vim incorrectly handled directory names when serializing browsed paths to the netrw history file. An attacker could possibly use this issue to execute arbitrary code. CVE-2026-47162 It was discovered that Vim incorrectly handled step-definition pattern...

CVE-2026-52860

A flaw was found in Vim, an open-source command-line text editor. The Python omni-completion feature executes reconstructed function and class definitions from the current buffer. A remote attacker can exploit this by crafting a hostile buffer, leading to the execution of attacker-controlled Pyth...

Vim < 9.2.0561 Code Injection (GHSA-52mc-rq6p-rc7c)

The version of Vim installed on the remote host is prior to 9.2.0561. It is, therefore, affected by a vulnerability as referenced in the GHSA-52mc-rq6p-rc7c advisory. - The Python omni-completion script python3complete.vim for Vim with the +python3 interpreter enabled executes import and from...

Vim < 9.2.0597 Code Execution (GHSA-65p9-mwwx-7468)

The version of Vim installed on the remote host is prior to 9.2.0597. It is, therefore, affected by a vulnerability as referenced in the GHSA-65p9-mwwx-7468 advisory. - Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of...

Vim: Arbitrary Code Execution via Python Omni-Completion

...

ALPINE-CVE-2026-52860

Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion dictionary. Python evaluates function default values, parameter...

CVE-2026-52860

Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion dictionary. Python evaluates function default values, parameter...

UBUNTU-CVE-2026-52858

Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled and the legacy pythoncomplete.vim for builds with the +python interpreter executes the import and from statements foun...

CVE-2026-52860 Vim: Arbitrary Code Execution via Python Omni-Completion

Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion dictionary. Python evaluates function default values, parameter...

CVE-2026-52860 Vim: Arbitrary Code Execution via Python Omni-Completion

Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion dictionary. Python evaluates function default values, parameter...

CVE-2026-52860

Vim before version 9.2.0597 is affected by a Python omni-completion vulnerability: reconstructed function and class definitions from the current buffer are executed via exec(), allowing attacker-controlled Python expressions to run during completion. This can impact confidentiality, integrity, an...

CVE-2026-52860

Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion dictionary. Python evaluates function default values, parameter...

CVE-2026-52858 Vim: Arbitrary Code Execution via Python Omni-Completion

Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled and the legacy pythoncomplete.vim for builds with the +python interpreter executes the import and from statements foun...

CVE-2026-52858

Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled and the legacy pythoncomplete.vim for builds with the +python interpreter executes the import and from statements foun...

Vim 代码注入漏洞

Vim is an open-source, cross-platform text editor developed by Vim developers. Prior to Vim 9.2.0597, there was a code injection vulnerability. This vulnerability stemmed from Python’s omni-completion feature, which used exec to execute function and class definitions reconstructed from the curren...

Vim 代码注入漏洞

Vim is an open-source, cross-platform text editor developed by Vim developers. Prior to Vim 9.2.0561, there was a code injection vulnerability. This vulnerability stemmed from the Python omni-completion script, which executed import and from statements in the current buffer through the Python...

Linux Distros Unpatched Vulnerability : CVE-2026-52858

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3...