
Vim (EUVD-2026-39436)

CVE-2026-57456 HIGH
Code Injection (CWE-94)
2026-06-25 GitHub_M
8.4
CVSS 4.0 · Vendor: GitHub_M

Severity by source

Vendor (GitHub_M), primary: 8.4 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

vuln.today AI: 7.8 HIGH

Local vector because the victim must open the file and invoke completion (UI:R); no target auth needed (PR:N), and exec() of injected Python yields full C/I/A impact at user scope.

CVSS 3.1: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 4.0: AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

SUSE: 7.8 HIGH
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from Vendor (GitHub_M).

CVSS Vector (Vendor: GitHub_M)

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Active (A)
Scope: Not defined (X)

Lifecycle Timeline

Patch available: Jun 25, 2026, 17:02 (EUVD)
Source code evidence fetched: Jun 25, 2026, 16:21 (vuln.today)
Analysis generated: Jun 25, 2026, 16:21 (vuln.today)

Description (CVE.org)

Vim is an open source, command line text editor. Prior to 9.2.0699, Vim's Python omni-completion (runtime/autoload/python3complete.vim and the legacy pythoncomplete.vim) executes reconstructed function and class definitions from the current buffer with exec() as part of populating the completion dictionary. When reconstructing that source, each scope's docstring is inserted verbatim between triple quotes with no escaping, so a hostile buffer can break out of the triple-quoted literal and execute attacker-controlled Python during omni-completion. This vulnerability is fixed in 9.2.0699.

Analysis (AI)

Arbitrary Python code execution in Vim before 9.2.0699 occurs when a victim triggers Python omni-completion (omnifunc) inside a malicious buffer; the python3complete.vim and legacy pythoncomplete.vim runtime plugins reconstruct in-buffer function and class definitions and run them through Python's exec(), inserting each scope's docstring verbatim between triple quotes. Because the docstring is never escaped, a crafted docstring can close the triple-quoted literal and inject attacker-controlled Python that runs with the user's privileges. …
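To make the flaw described above and its remedy concrete, here is an added Python example (not Vim's python3complete.vim nor its fix commit) that rebuilds a scope in the simplified way the advisory describes, shows how emitting the docstring with repr() keeps buffer text inside the string literal, and adds a docstring_roundtrips() check that parses the rebuilt source with ast instead of exec()ing it. The function names and the sample docstrings are constructed for illustration.

```python
"""Docstring embedding in a rebuilt completion scope: verbatim vs. escaped.
Added example; not Vim's python3complete.vim nor its fix. The rebuild is
simplified to a def line, the scope's docstring, then `pass`."""
import ast

def rebuild_unsafe(name: str, doc: str) -> str:
    # The pattern the advisory describes: the docstring is pasted verbatim
    # between triple quotes, so a """ inside the text ends the literal early.
    return f'def {name}():\n    """{doc}"""\n    pass\n'

def rebuild_safe(name: str, doc: str) -> str:
    # repr() yields a string literal with quotes, backslashes and newlines
    # escaped, so whatever the buffer held stays data inside the literal.
    return f"def {name}():\n    {doc!r}\n    pass\n"

def docstring_roundtrips(source: str, expected: str) -> bool:
    """Parse (never exec) the rebuilt source and require exactly one function
    whose body is [docstring, pass] with the docstring equal to the original
    text. A breakout shows up as extra statements or a changed docstring."""
    try:
        tree = ast.parse(source)
    except SyntaxError:
        return False
    if len(tree.body) != 1 or not isinstance(tree.body[0], ast.FunctionDef):
        return False
    fn = tree.body[0]
    if len(fn.body) != 2 or not isinstance(fn.body[1], ast.Pass):
        return False
    return ast.get_docstring(fn, clean=False) == expected

def exec_safe_doc(doc: str) -> str:
    """Exec only the escaped rebuild and return the resulting __doc__."""
    ns: dict = {}
    exec(rebuild_safe("f", doc), ns)
    return ns["f"].__doc__

# Constructed sample docstrings (not taken from any real file).
BENIGN_DOC = "Return the user's home directory."
# Mirrors the advisory's pattern: closes the triple-quoted literal so the
# following lines would parse as code rather than as part of the docstring.
HOSTILE_DOC = 'x"""\nmarker = 1\nif True:\n    """tail'
BACKSLASH_DOC = "Matches a literal \\b, not a backspace."

def check_all() -> dict:
    """Map (builder name, sample name) to whether the docstring survives."""
    samples = {"benign": BENIGN_DOC, "hostile": HOSTILE_DOC,
               "backslash": BACKSLASH_DOC}
    return {(b.__name__, n): docstring_roundtrips(b("f", d), d)
            for b in (rebuild_unsafe, rebuild_safe) for n, d in samples.items()}
```

The backslash sample shows a second, quieter divergence of the verbatim form: escape sequences in the buffer text are interpreted, so even a non-malicious docstring can change meaning once pasted raw.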


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Recon: Craft Python file with malicious docstring
Delivery: Deliver file to victim (repo/email)
Exploit: Victim opens buffer in vulnerable Vim
Install: Victim triggers Python omni-completion (Ctrl-X Ctrl-O)
C2: Docstring breaks out of triple-quoted literal
Execute: exec() runs injected Python as user
Impact: Arbitrary code execution at user privilege

Vulnerability Assessment (AI)

Exploitation: Exploitation requires all of the following: a Python-enabled Vim build older than 9.2.0699; the victim opening an attacker-controlled buffer/file; and the victim actively triggering Python omni-completion (omnifunc set to python3complete#Complete or pythoncomplete#Complete, invoked via Ctrl-X Ctrl-O) on that buffer. …
Risk Assessment: The provided CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H, base 8.4 High) is internally consistent with the description: exploitation is local and requires victim interaction (UI:A) because the user must open the hostile buffer and explicitly invoke Python omni-completion, but no prior authentication or privileges on the target are needed, and impact to confidentiality, integrity and availability is high since arbitrary Python runs with the user's rights. …
Exploit Scenario: An attacker publishes a Python file (e.g., in a repository, gist, or email attachment) containing a class or function whose docstring is crafted to close the triple-quoted literal and append a payload such as opening a file or spawning a shell. A developer opens the file in a vulnerable Vim build and presses Ctrl-X Ctrl-O to autocomplete a member, at which point Vim's omni-completion reconstructs the definition and exec()s it, running the attacker's Python with the developer's privileges. …
Remediation: Upgrade to Vim 9.2.0699 or later, which is the vendor-released patch (fixing commit cce141c42740f122dd8486ae04e21c2a81016ba8); see GHSA-ppj8-wqjf-6fp3 (https://github.com/vim/vim/security/advisories/GHSA-ppj8-wqjf-6fp3) and the release at https://github.com/vim/vim/releases/tag/v9.2.0699. …

Recommended Action (AI)

24 hours: Inventory Vim installations with Python support enabled; disable the Python omnifunc (:set omnifunc=) as an immediate mitigation, noting that Vim's Python filetype plugin sets omnifunc per buffer with setlocal, so the override must run after that plugin (for example from a FileType autocommand or an after/ftplugin file) rather than as a plain global line in .vimrc; alert users to avoid opening untrusted files. …



Vendor Status

SUSE

Severity: Important
Product status:
SLES15-SP5-CHOST-BYOS-SAP-CCloud: Affected
SLES15-SP6-CHOST-BYOS: Affected
SLES15-SP6-CHOST-BYOS-Aliyun: Affected
SLES15-SP6-CHOST-BYOS-Azure: Affected
SLES15-SP6-CHOST-BYOS-EC2: Affected


EUVD-2026-39436 vulnerability details – vuln.today
