Platform: linux
Component: vim
Fixed in: 9.2.0276
Vim is a widely used, open-source command-line text editor. This vulnerability allows an attacker to execute arbitrary operating system commands by crafting a malicious file that, when opened in Vim, bypasses the modeline sandbox. Versions of Vim prior to 9.2.0276 are affected; the issue is resolved in version 9.2.0276 with the addition of missing flags and a security check.
CVE-2026-34982 in Vim, a widely used command-line text editor, allows for arbitrary operating system command execution. This is due to a flaw in the modeline sandbox. Prior to version 9.2.0276, certain options (complete, guitabtooltip, printheader) were missing the 'P_MLE' flag, allowing malicious modelines to be executed. Furthermore, the 'mapset()' function lacks a security check, facilitating abuse from sandboxed expressions. An attacker could craft a specially designed file that, when opened in Vim, executes unwanted commands on the user's system, potentially compromising system security.
Exploitation of this vulnerability requires an attacker to control the content of a file that will be opened by a user using Vim. This could be achieved through a compromised web server, a malicious code repository, or a shared file on a network. Once the user opens the file, the malicious modeline is executed, allowing the attacker to execute arbitrary commands on the user's system. The severity of the vulnerability depends on the privilege level of the user opening the file and on the system configuration.
Exploit Status
EPSS: 0.02% (6th percentile)
CVSS Vector
The recommended solution is to update Vim to version 9.2.0276 or later. This update fixes the vulnerability by adding the 'P_MLE' flag to the affected options and including the call to 'check_secure()' in the 'mapset()' function. It is crucial to apply this update as soon as possible, especially in environments where Vim is used to edit files from external sources or shared files. If an immediate update is not possible, restrict access to potentially malicious files and carefully review files before opening them in Vim. Monitoring system logs for suspicious activity can also help detect and respond to potential attacks.
Update to version 9.2.0276 or higher to correct the vulnerability. This update addresses a modeline sandbox bypass that could allow arbitrary operating system commands to be executed.
A modeline is a line in a text file that contains information about the file type, encoding, and other Vim options. It's typically used to automatically configure Vim when a file is opened.
Open Vim and type the command :version. This will display the Vim version you are using.
Restrict access to potentially malicious files, carefully review files before opening them, and monitor system logs for suspicious activity.
No. Only versions prior to 9.2.0276 are vulnerable.
Currently, there are no specific tools to detect malicious files with modelines. However, static code analysis tools can be used to look for suspicious patterns.
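As an added example (not part of this advisory and not code from the Vim project), the script below does the two checks a defender would want after reading it: it parses `vim --version` output to decide whether an installed Vim is older than the fixed release 9.2.0276, and it scans the head and tail of a file (the only lines Vim considers for modelines, five each by default) for modelines that set one of the options the advisory names (complete, guitabtooltip, printheader) or mention mapset(). The function names, the sample version banner and the sample file contents are constructed for this example; the short option names cpt, gtt and pheader are Vim's own abbreviations of those options.

```python
"""Constructed defender-side checker for the Vim modeline sandbox bypass
described in the advisory (example code, not from the advisory or Vim)."""
import re
import subprocess
from typing import List, Optional, Tuple

FIXED_VERSION = (9, 2, 276)  # 9.2.0276, the fixed release named in the advisory

# Options the advisory says were missing the P_MLE (modeline-safe) flag,
# each followed by its Vim short name so abbreviated modelines are caught too.
SUSPECT_OPTIONS = ("complete", "cpt", "guitabtooltip", "gtt", "printheader", "pheader")
SUSPECT_FUNCTIONS = ("mapset(",)

# A modeline starts with vi:, vim:, Vim: or ex: at the start of a line or after
# whitespace; "vim" may carry a version constraint such as vim>700: or vim<900:.
MODELINE_RE = re.compile(r"(?:^|\s)(?:vi|[Vv]im(?:[<=>]?\d+)?|ex):\s*(.*)$")

# Constructed `vim --version` banners (only the lines this script reads).
SAMPLE_BANNER_OLD = "VIM - Vi IMproved 9.1 (2024 Jan 02, compiled Mar 01 2025 12:00:00)\nIncluded patches: 1-1000\n"
SAMPLE_BANNER_FIXED = "VIM - Vi IMproved 9.2 (2026 Jan 01, compiled Mar 01 2026 12:00:00)\nIncluded patches: 1-276\n"

# Constructed 12-line file: modelines on lines 2 and 12 are inside Vim's head/tail
# windows; the one on line 7 is outside both windows and is ignored by Vim.
SAMPLE_SAFE = "#!/bin/sh\n# vim: set ts=4 sw=4 et:\necho hello\n"
SAMPLE_SUSPECT = "\n".join([
    "# constructed sample, line 1",
    "# vim: set printheader=%f:",
    "body 3", "body 4", "body 5", "body 6",
    "# vim: set complete=.,w,b:",
    "body 8", "body 9", "body 10", "body 11",
    "# vim: set gtt=Hover:",
])


def parse_vim_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from `vim --version` text: the first line
    reads 'VIM - Vi IMproved 9.2 (...)' and 'Included patches: 1-276' gives the
    highest applied patch (the last number on that line)."""
    m = re.search(r"Vi IMproved (\d+)\.(\d+)", banner)
    if not m:
        return None
    patch = 0
    p = re.search(r"Included patches:.*?(\d+)\s*$", banner, re.MULTILINE)
    if p:
        patch = int(p.group(1))
    return (int(m.group(1)), int(m.group(2)), patch)


def is_affected(version: Tuple[int, int, int]) -> bool:
    """True when the version is older than the fixed release."""
    return version < FIXED_VERSION


def installed_vim_version() -> Optional[Tuple[int, int, int]]:
    """Ask the local vim binary; returns None if vim is not on PATH."""
    try:
        out = subprocess.run(["vim", "--version"], capture_output=True, text=True, check=False).stdout
    except FileNotFoundError:
        return None
    return parse_vim_version(out)


def find_modelines(text: str, modelines: int = 5) -> List[Tuple[int, str]]:
    """Return (line_number, option_text) for each modeline Vim would honour,
    i.e. only those within the first and last `modelines` lines."""
    lines = text.splitlines()
    head = range(min(modelines, len(lines)))
    tail = range(max(len(lines) - modelines, 0), len(lines))
    found = []
    for i in sorted(set(head) | set(tail)):
        m = MODELINE_RE.search(lines[i])
        if m:
            found.append((i + 1, m.group(1)))
    return found


def suspicious_modelines(text: str, modelines: int = 5) -> List[Tuple[int, str, str]]:
    """Flag honoured modelines that set an affected option (=, +=, ^=, -=, :, &)
    or reference mapset(); returns (line_number, matched_name, option_text)."""
    hits = []
    for lineno, opts in find_modelines(text, modelines):
        for name in SUSPECT_OPTIONS:
            if re.search(r"(?<![A-Za-z])" + name + r"[=:+^&-]", opts):
                hits.append((lineno, name, opts))
        for fn in SUSPECT_FUNCTIONS:
            if fn in opts:
                hits.append((lineno, fn, opts))
    return hits


if __name__ == "__main__":
    import sys
    v = installed_vim_version()
    print("installed vim:", v, "AFFECTED" if v and is_affected(v) else "not affected / unknown")
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for lineno, name, opts in suspicious_modelines(fh.read()):
                print(f"{path}:{lineno}: modeline touches {name!r}: {opts}")
```

Run it as `python3 check_modelines.py file1 file2 ...` to report the installed Vim's status and any honoured modeline in those files that touches an affected option. A hit is a review prompt, not proof of malice: the affected options are legitimately set in ordinary modelines, and the scanner deliberately ignores modelines outside Vim's head and tail windows because Vim never reads them.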