EUVD-2026-19313
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Lifecycle Timeline
3Tags
Description
Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue.
Analysis
Arbitrary OS command execution in Vim prior to version 9.2.0276 occurs when users open maliciously crafted files containing modeline directives that bypass sandbox protections. The vulnerability exploits missing security flags on the complete, guitabtooltip, and printheader options, plus an unchecked mapset() function, enabling attackers to escape Vim's modeline sandbox and execute system commands. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all Vim installations across engineering and operations teams; identify instances running versions prior to 9.2.0276. Within 7 days: Upgrade Vim to version 9.2.0276 or later across all affected systems; prioritize machines with elevated privileges or production access. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today