CVE-2026-34982 HIGH

CVE-2026-34982: Vim modeline bypass via various options affects Vim < 9.2.0276

Vendor Vim

Product vim

Weakness CWE-78

Published April 6, 2026

Last update June 30, 2026

View on NVD All CVEs

CVSS base score

8.2/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue.

Key dates

02Disclosure timeline

April 6, 2026 CVE published

June 30, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-34982 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

CVE-2026-34982: Vim modeline bypass via various options affects Vim < 9.2.0276

01Description

02Disclosure timeline

03References

04Related CVE