Vim · Zip.Vim · CVE-2026-35177
Name of the Vulnerable Software and Affected Versions
Vim versions prior to 9.2.0280
Description
A path traversal bypass in Vim's `zip.vim` plugin allows overwriting of arbitrary files when opening specially crafted zip archives. This circumvents a previous fix.
Recommendations
Update to version 9.2.0280 or later.