CVE-2026-34982

CVSS v3.1

8.2

High

Vector

AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0276

Description Vim is susceptible to remote code execution through maliciously crafted "modelines" that can bypass sandboxes. This allows for the execution of commands.

Recommendations Update to version 9.2.0276 or add "set nomodeline" to your vimrc.

Fix

RCE

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

ALSA-2026:11389

ALSA-2026:11509

ALSA-2026:11510

ALSA-2026:19073

ALSA-2026:19224

BDU:2026-05722

CVE-2026-34982

ECHO-2564-0801-C3CC

MGASA-2026-0083

OESA-2026-1922

OPENSUSE-SU-2026:10652-1

OPENSUSE-SU-2026:20540-1

RHSA-2026:11389

RHSA-2026:11509

RHSA-2026:11510

RHSA-2026:19073

RHSA-2026:19224

SUSE-SU-2026:1347-1

SUSE-SU-2026:1387-1

SUSE-SU-2026:1607-1

SUSE-SU-2026:21118-1

SUSE-SU-2026:21124-1

SUSE-SU-2026:21134-1

SUSE-SU-2026:21197-1

USN-8171-1

Affected Products

Linuxmint

Red Os

Rocky Linux

Ubuntu

Vim

CVE-2026-34982

Weakness Enumeration

Related Identifiers

Affected Products

References · 82