CVE-2026-35177

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0280

Description A path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives. This circumvents a previous fix.

Recommendations Update to version 9.2.0280 or later.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

ALSA-2026:22711

BDU:2026-05671

CVE-2026-35177

ECHO-33BB-95D6-B867

MGASA-2026-0083

OESA-2026-2177

USN-8213-1

USN-8246-1

Affected Products

Linuxmint

Red Os

Ubuntu

Vim

Zip.Vim

CVE-2026-35177

Weakness Enumeration

Related Identifiers

Affected Products

References · 36