PT-2026-41308 · Vim+2 · Vim+2
Published
2026-05-15
·
Updated
2026-06-23
·
CVE-2026-46483
CVSS v3.1
7.0
High
| Vector | AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Vim versions prior to 9.2.0479
Description
A command injection issue exists in the
tar#Vimuntar() function within runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function constructs :!gunzip and :!gzip -d commands using shellescape(tartail) without the {special} flag. This allows a specially crafted archive filename to trigger Vim cmdline-special expansion, leading to the execution of arbitrary shell commands within the user's context.Recommendations
Update to version 9.2.0479.
Fix
OS Command Injection
Argument Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Linuxmint
Ubuntu
Vim