PatchSiren

vim CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH vim CVE published 2026-06-11

CVE-2026-52860

CVE-2026-52860 is a high-severity vulnerability in Vim's Python omni-completion feature. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec() as part of populating the completion dictionary. This allows a hostile buffer to execute attacker-controlled Python expressions during omni-completion. The existing g:python [truncated]

MEDIUM vim CVE published 2026-06-11

CVE-2026-52859

CVE-2026-52859 is a medium-severity vulnerability in Vim, a command-line text editor. The flaw is in the update_snapshot() function and can lead to a crash when a program's output is rendered inside a :terminal window. This issue has been patched in version 9.2.0565.

HIGH vim CVE published 2026-06-11

CVE-2026-52858

CVE-2026-52858 is a high-severity vulnerability in Vim's Python omni-completion script. The vulnerability exists in python3complete.vim for Vim with the +python3 interpreter enabled and in pythoncomplete.vim for builds with the +python interpreter. When a user opens a hostile .py file with a sibling Python package and invokes omni-completion, it runs that package's top-level code as the editing user. This [truncated]

MEDIUM vim CVE published 2026-06-11

CVE-2026-47167

A code injection vulnerability exists in s:stepmatch() in the cucumber filetype plugin (runtime/ftplugin/cucumber.vim) on Vim builds with +ruby support. Prior to version 9.2.0496, step-definition patterns read from .rb files under the repository's features/*/ or stories/*/ directories are embedded into a Ruby Kernel.eval argument without sufficient escaping. This allows a crafted pattern in an attacker-co [truncated]

HIGH vim CVE published 2026-06-11

CVE-2026-47162

A code injection vulnerability exists in Vim's Netrw plugin, specifically in the `s:NetrwBookHistSave()` function. This function is used to save the history of browsed directories to the `~/.vim/.netrwhist` file. The vulnerability occurs when directory names are not properly escaped, allowing an attacker to inject arbitrary Vimscript code, including shell commands, by manipulating the directory name.

LOW vim CVE published 2026-05-15

CVE-2026-46483

A command injection vulnerability exists in Vim's tar plugin (tar#Vimuntar() in runtime/autoload/tar.vim) prior to version 9.2.0479. When decompressing .tgz archives on Unix-like systems, the function constructs :!gunzip and :!gzip -d commands using shellescape(tartail) without the {special} flag. This omission allows crafted archive filenames containing Vim cmdline-special characters to trigger expansion [truncated]

MEDIUM vim CVE published 2026-05-08

CVE-2026-45130

A heap buffer overflow vulnerability exists in Vim prior to version 9.2.0450, specifically in the `read_compound()` function within `src/spellfile.c`. The flaw occurs when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section can overflow a 32-bit signed integer multiplication, resulting in a small buffer allocation that is [truncated]

MEDIUM vim CVE published 2026-02-06

CVE-2026-25749

A heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The flaw is located in the get_tagfname() function in src/tag.c, where a user-controlled 'helpfile' option value is copied into a fixed-size heap buffer of MAXPATHL + 1 bytes (typically 4097 bytes) using an unsafe STRCPY() operation without bounds checking. This vulnerability affects Vim v [truncated]

CRITICAL Vim CVE published 2017-02-27

CVE-2017-6350

CVE-2017-6350 is a critical Vim vulnerability affecting versions through 8.0.0377. According to NVD and the vendor-linked patch reference, an integer overflow in unserialize_uep can occur when Vim fails to validate tree length values while reading a corrupted undo file, which may lead to buffer overflows. The vulnerability was publicly recorded on 2017-02-27, and the NVD entry was later modified on 2026-0 [truncated]

CRITICAL Vim CVE published 2017-02-27

CVE-2017-6349

CVE-2017-6349 is a critical Vim flaw in undo-file handling. A corrupted undo file can trigger an integer overflow during memory allocation in u_read_undo if tree-length values are not validated, which can lead to buffer overflows. The issue was published on 2017-02-27 and is fixed by the upstream patch referenced in the source corpus.

CRITICAL Vim CVE published 2017-02-10

CVE-2017-5953

CVE-2017-5953 is a critical memory-corruption issue in Vim's spell-file handling. According to the NVD record and vendor references, Vim did not properly validate tree-length values, which could trigger an integer overflow at a memory-allocation site and then a resulting buffer overflow. The issue was publicly disclosed on 2017-02-10 and is rated CVSS 3.0 9.8 (network, low complexity, no privileges, no us [truncated]