Skip to main content

Vim CVE-2026-57453

| EUVDEUVD-2026-39446 HIGH
Command Injection (CWE-77)
2026-06-25 GitHub_M
7.3
CVSS 3.1 · NVD
Share

Severity by source

Vendor (GitHub_M) PRIMARY
MEDIUM
qualitative
NVD
7.3 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
vuln.today AI
7.8 HIGH

Local delivery of a file the user must open gives AV:L/UI:R; no auth needed (PR:N); arbitrary command execution as the user justifies C:H/I:H/A:H with scope unchanged.

3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
SUSE
7.0 HIGH
AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Red Hat
5.8 MEDIUM
qualitative

Primary rating from Vendor (GitHub_M).

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
Low

Lifecycle Timeline

8
Analysis Updated
Jun 26, 2026 - 04:29 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 26, 2026 - 04:28 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 26, 2026 - 04:22 vuln.today
cvss_changed
Severity Changed
Jun 26, 2026 - 04:22 NVD
MEDIUM HIGH
CVSS changed
Jun 26, 2026 - 04:22 NVD
6.5 (MEDIUM) 7.3 (HIGH)
Patch available
Jun 25, 2026 - 17:02 EUVD
Source Code Evidence Fetched
Jun 25, 2026 - 16:25 vuln.today
Analysis Generated
Jun 25, 2026 - 16:25 vuln.today

DescriptionNVD

Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim falls back to PowerShell to browse, read, extract, update or delete entries in a zip archive, it builds the PowerShell command by inserting archive entry names that are quoted only for the shell, not for PowerShell. A crafted entry name can break out of the intended string context and cause PowerShell to execute arbitrary commands with the privileges of the user running Vim, triggered by opening, viewing or extracting the archive. This vulnerability is fixed in 9.2.0678.

AnalysisAI

Arbitrary command execution in Vim's bundled zip plugin (autoload/zip.vim) affects builds from 9.1.1784 up to the 9.2.0678 fix on systems where the plugin falls back to PowerShell for archive operations. When browsing, reading, extracting, updating or deleting zip entries, the plugin quotes archive entry names for the shell but not for PowerShell, so a crafted entry name escapes the string context and runs attacker-supplied commands with the privileges of the user who merely opened or viewed the archive. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft zip with malicious entry name
Delivery
Deliver archive to victim
Exploit
Victim opens or views archive in Vim
Execution
Entry name breaks PowerShell string context
Persist
PowerShell executes injected commands
Impact
Code runs with victim's privileges

Vulnerability AssessmentAI

Exploitation Exploitation requires that Vim's bundled zip plugin (autoload/zip.vim) use its PowerShell fallback path - i.e. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score is 7.3 (High) with vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L: local attack vector because the malicious archive must reach the victim and be opened, low complexity, no privileges, but required user interaction. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker emails or hosts a booby-trapped .zip whose internal entry name contains PowerShell breakout syntax, then lures a Windows-based developer or analyst into opening or previewing it in Vim. Because Vim's zip plugin auto-browses the archive and builds a PowerShell command from the entry name without PowerShell-safe escaping, the embedded commands run with the victim's privileges the moment the archive is viewed. …
Remediation Upgrade Vim to 9.2.0678 or later, the vendor-released patch (https://github.com/vim/vim/releases/tag/v9.2.0678), which applies the new s:PSEscape() PowerShell-aware quoting across all zip operations (commit b2cc9be119d51212bf0d3f2a99; advisory GHSA-x5fg-h5w9-9frf). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all Windows systems running Vim versions 9.1.1784 through 9.2.0677 and determine user count and archive-handling exposure. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Vim

View all
CVE-2022-3520 CRITICAL POC
9.8 Dec 02

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765. Rated critical severity (CVSS 9.8), this vuln

CVE-2022-0729 HIGH POC
8.8 Feb 23

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. Rated high severity (CVSS 8.8), this

CVE-2026-34714 HIGH POC
8.6 Mar 30

{expr} payload embedded in a modeline to be evaluated even when the protective 'modelineexpr' setting is off (the defaul

CVE-2019-12735 HIGH POC
8.6 Jun 05

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via th

CVE-2021-3968 HIGH POC
8.0 Nov 19

vim is vulnerable to Heap-based Buffer Overflow. Rated high severity (CVSS 8.0), this vulnerability is remotely exploita

CVE-2023-4735 HIGH POC
7.8 Sep 02

Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847. Rated high severity (CVSS 7.8), this vulnerability i

CVE-2023-4781 HIGH POC
7.8 Sep 05

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873. Rated high severity (CVSS 7.8), this vulnerab

CVE-2023-4734 HIGH POC
7.8 Sep 02

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846. Rated high severity (CVSS 7.8), this vuln

CVE-2023-4733 HIGH POC
7.8 Sep 04

Use After Free in GitHub repository vim/vim prior to 9.0.1840. Rated high severity (CVSS 7.8), this vulnerability is no

CVE-2023-4750 HIGH POC
7.8 Sep 04

Use After Free in GitHub repository vim/vim prior to 9.0.1857. Rated high severity (CVSS 7.8), this vulnerability is no

CVE-2023-4736 HIGH POC
7.8 Sep 02

Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833. Rated high severity (CVSS 7.8), this vulnerability

CVE-2023-2610 HIGH POC
7.8 May 09

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. Rated high severity (CVSS 7.8), this vuln

Vendor StatusVendor

SUSE

Severity: Important
Product Status
SLES15-SP5-CHOST-BYOS-SAP-CCloud Affected
SLES15-SP6-CHOST-BYOS Affected
SLES15-SP6-CHOST-BYOS-Aliyun Affected
SLES15-SP6-CHOST-BYOS-Azure Affected
SLES15-SP6-CHOST-BYOS-EC2 Affected

Share

CVE-2026-57453 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy