High severity8.2NVD Advisory· Published Apr 6, 2026· Updated Apr 22, 2026

CVE-2026-34982

Description

Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The complete, guitabtooltip and printheader options are missing the P_MLE flag, allowing a modeline to be executed. Additionally, the mapset() function lacks a check_secure() call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue.

Affected products

Vim/Vim
cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*
Range: <9.2.0276

Patches

75661a66a1db

https://github.com/vim/vimvia nvd-ref

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

www.openwall.com/lists/oss-security/2026/04/01/1nvdMailing ListPatchThird Party Advisory
github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615nvdPatch
github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9nvdPatchVendor Advisory
github.com/vim/vim/releases/tag/v9.2.0276nvdRelease Notes

News mentions

No linked articles in our index yet.

cvss	0.533
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000