PT-2026-52481 · Vim · Vim
Published
2026-06-25
·
Updated
2026-06-25
·
CVE-2026-57456
CVSS v4.0
8.4
High
| Vector | AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Vim versions prior to 9.2.0699
Description
Python omni-completion in the text editor executes reconstructed function and class definitions from the current buffer using the
exec() function to populate the completion dictionary. Because docstrings are inserted verbatim between triple quotes without escaping, a specially crafted buffer can break out of the literal string to execute arbitrary Python code. This occurs within the runtime/autoload/python3complete.vim and pythoncomplete.vim scripts. An attacker can trigger this by inducing a user to open or paste a malicious file and then initiate omni-completion, leading to arbitrary code execution under the user's privileges.Recommendations
Update to version 9.2.0699.
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Vim