Lucene search
K

5 matches found

OSV
OSV
added 2026/05/24 12:33 a.m.9 views

CLSA-2026-1779582830 vim: Fix of CVE-2026-46483

CVE-2026-46483: fix command injection in tar plugin Vimuntar when decompressing .tgz archives by passing the special flag to shellescape upstream vim 9.2.0479...

7CVSS5.8AI score0.00552EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/20 4:41 p.m.11 views

CVE-2026-46483

A flaw was found in Vim. When decompressing .tgz archives, the Vimuntar function builds shell commands using shellescape without the special flag. This allows a specially crafted archive filename to trigger Vim cmdline-special expansion and execute arbitrary commands in the context of the current...

7CVSS6AI score0.00552EPSS
Exploits0References6
Microsoft CVE
Microsoft CVE
added 2026/05/17 8:1 a.m.12 views

Vim: Command injection in tar#Vimuntar via missing shellescape {special} flag

...

7CVSS5.8AI score0.00552EPSS
Exploits0
CVE
CVE
added 2026/05/15 2:57 p.m.37 views

CVE-2026-46483

Summary (CVE-2026-46483): Vim for Unix-like systems is vulnerable prior to version 9.2.0479 due to a command injection in tar#Vimuntar() within runtime/autoload/tar.vim when decompressing .tgz archives. The function constructs shell commands using shellescape(tartail) without the {special} flag, ...

7CVSS5.9AI score0.00552EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/15 2:57 p.m.54 views

CVE-2026-46483 Vim: Command injection in tar#Vimuntar via missing shellescape {special} flag

Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tarVimuntar in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescapetartail without the...

3.6CVSS0.00552EPSS
Exploits0References3
Rows per page
Query Builder