CVE-2026-34714

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-34714
Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.

9.2 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope CHANGED

References
Link Resource
https://github.com/vim/vim/commit/664701eb7576edb7c7c7d9f2d600815ec1f43459 Patch
https://github.com/vim/vim/releases/tag/v9.2.0272 Release Notes
https://github.com/vim/vim/security/advisories/GHSA-2gmj-rpqf-pxvh Vendor Advisory
https://www.openwall.com/lists/oss-security/2026/03/30/3 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2026/04/02/4 Issue Tracking Mailing List
http://www.openwall.com/lists/oss-security/2026/04/02/5
http://www.openwall.com/lists/oss-security/2026/04/03/6
Configurations

Configuration 1 (hide)

cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*
History

03 Apr 2026, 12:16

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2026/04/03/6 -

02 Apr 2026, 18:16

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2026/04/02/5 -

02 Apr 2026, 16:58

Type Values Removed Values Added
First Time Vim vim
Vim
CPE cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*
References () https://github.com/vim/vim/commit/664701eb7576edb7c7c7d9f2d600815ec1f43459 - () https://github.com/vim/vim/commit/664701eb7576edb7c7c7d9f2d600815ec1f43459 - Patch
References () https://github.com/vim/vim/releases/tag/v9.2.0272 - () https://github.com/vim/vim/releases/tag/v9.2.0272 - Release Notes
References () https://github.com/vim/vim/security/advisories/GHSA-2gmj-rpqf-pxvh - () https://github.com/vim/vim/security/advisories/GHSA-2gmj-rpqf-pxvh - Vendor Advisory
References () https://www.openwall.com/lists/oss-security/2026/03/30/3 - () https://www.openwall.com/lists/oss-security/2026/03/30/3 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2026/04/02/4 - () http://www.openwall.com/lists/oss-security/2026/04/02/4 - Issue Tracking, Mailing List

02 Apr 2026, 14:16

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2026/04/02/4 -

01 Apr 2026, 14:24

Type Values Removed Values Added
Summary
  • (es) Vim anterior a la versión 9.2.0272 permite la ejecución de código que ocurre inmediatamente al abrir un archivo especialmente diseñado en la configuración predeterminada, porque se produce una inyección de %{expr} con tabpanel que carece de P_MLE.

30 Mar 2026, 19:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-03-30 19:16

Updated : 2026-04-03 12:16

NVD link : CVE-2026-34714

Mitre link : CVE-2026-34714

CVE.ORG link : CVE-2026-34714

JSON object : View

Products Affected

vim

  • vim
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')