CVE-2026-34982: Vim Modeline Sandbox Bypass - RCE
Platform: linux
Component: vim
Fixed in: 9.2.0276
Vim is a widely used, open-source command-line text editor. This vulnerability allows an attacker to execute arbitrary operating system commands by crafting a malicious file that, when opened in Vim, bypasses the modeline sandbox. Versions of Vim prior to 9.2.0276 are affected; the issue is resolved in version 9.2.0276 with the addition of missing flags and a security check.
How to fix
Upgrade to version 9.2.0276 or later to fix the vulnerability. This update addresses a modeline sandbox bypass that could allow arbitrary operating system command execution.
Frequently asked questions
What is CVE-2026-34982?
CVE-2026-34982 is a Remote Code Execution (RCE) vulnerability in Vim. It allows an attacker to execute arbitrary commands on a system by crafting a malicious file that bypasses the modeline sandbox due to missing security flags and checks.
Am I affected by this vulnerability?
You are affected if you are using a Vim version from 0.0.0 up to, but not including, 9.2.0276. Versions prior to 9.2.0276 are vulnerable to arbitrary OS command execution when opening a specially crafted file.
How do I fix this vulnerability?
To fix this vulnerability, update your Vim installation to version 9.2.0276 or later. This version includes the necessary fixes to prevent the modeline sandbox bypass.
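One way to check a host against the fixed release, as an added example that is not part of the original advisory or of Vim itself: the script classifies the text of `vim --version` by its "VIM - Vi IMproved X.Y" and "Included patches:" lines. The function names are hypothetical, and it assumes patch numbers below 9.2 belong to a different series, so a fix backported by a distribution to an older release is reported as vulnerable.

```shell
#!/bin/sh
# Added example: classify `vim --version` output against fixed release 9.2.0276.

# patch_included LIST N: succeed if patch N is covered by an "Included patches:"
# list such as "1-16, 647, 678" (comma-separated ranges and single numbers).
patch_included() {
    want=$2 found=1
    old_ifs=$IFS; IFS=', '
    for item in $1; do
        # Skip anything that is not NUMBER or NUMBER-NUMBER.
        case $item in ''|*[!0-9-]*|-*|*-|*-*-*) continue ;; esac
        lo=${item%-*}; hi=${item#*-}
        if [ "$lo" -le "$want" ] && [ "$want" -le "$hi" ]; then found=0; fi
    done
    IFS=$old_ifs
    return $found
}

# vim_cve_status TEXT: print fixed / vulnerable / unknown for the given
# `vim --version` text; return 0, 1 or 2 respectively.
vim_cve_status() {
    out=$1
    ver=$(printf '%s\n' "$out" |
        sed -n 's/^VIM - Vi IMproved \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' |
        head -n 1)
    [ -n "$ver" ] || { echo unknown; return 2; }
    major=${ver% *}; minor=${ver#* }
    patches=$(printf '%s\n' "$out" | sed -n 's/^Included patches: *//p' | head -n 1)
    # Any release after 9.2 already contains the fix.
    if [ "$major" -gt 9 ] || { [ "$major" -eq 9 ] && [ "$minor" -gt 2 ]; }; then
        echo fixed; return 0
    fi
    # On 9.2 the fix is present only if patch 276 is in the included list.
    if [ "$major" -eq 9 ] && [ "$minor" -eq 2 ] && patch_included "$patches" 276; then
        echo fixed; return 0
    fi
    echo vulnerable; return 1
}

# Stand-alone use: sh check.sh --check
if [ "${1:-}" = "--check" ]; then
    vim_cve_status "$(vim --version 2>/dev/null)"
fi
```
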