Medium severity 4.1 · NVD Advisory · Published Apr 6, 2026 · Updated Apr 20, 2026
CVE-2026-35177
Description
Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280.
Affected products
9 entries; osv-coords, 7 versions:
- pkg:rpm/almalinux/vim-common (no CPE), range: < 2:9.1.083-9.el10_2.3
- pkg:rpm/almalinux/vim-data (no CPE), range: < 2:9.1.083-9.el10_2.3
- pkg:rpm/almalinux/vim-enhanced (no CPE), range: < 2:9.1.083-9.el10_2.3
- pkg:rpm/almalinux/vim-filesystem (no CPE), range: < 2:9.1.083-9.el10_2.3
- pkg:rpm/almalinux/vim-minimal (no CPE), range: < 2:9.1.083-9.el10_2.3
- pkg:rpm/almalinux/vim-X11 (no CPE), range: < 2:9.1.083-9.el10_2.3
- pkg:rpm/almalinux/xxd (no CPE), range: < 2:9.1.083-9.el10_2.3
References
- github.com/vim/vim/security/advisories/GHSA-jc86-w7vm-8p24 (nvd, Vendor Advisory)