Code Execution Vulnerability in Vim Editor Affects User Environment
CVE-2026-52858
7.3 HIGH
What is CVE-2026-52858?
A vulnerability in the Vim text editor allows arbitrary code execution through the Python omni-completion script. If a user opens a malicious Python script in Vim while the +python3 or +python interpreter is enabled, Vim may execute code from the current buffer. This occurs because the working directory is on sys.path, so the issue can be exploited by opening a hostile .py file that accompanies a sibling Python package. Users are advised to update to version 9.2.0561 or later to mitigate this risk.
Affected Version(s)
vim < 9.2.0561
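To check an installed Vim against the two conditions above (version below 9.2.0561 and a +python3 or +python build), the following added example, which is not part of the original advisory, parses `vim --version` output. The function names, result labels and sample text are constructed for illustration.

```python
import re
import subprocess

FIXED = (9, 2, 561)  # first fixed release named in the advisory: 9.2.0561

# Constructed sample of `vim --version` output (not captured from a real host).
SAMPLE = """\
VIM - Vi IMproved 9.1 (2024 Jan 02, compiled Mar 01 2025 10:00:00)
Included patches: 1-1230
Huge version without GUI.  Features included (+) or not (-):
+acl               +file_in_path      +mouse_urxvt       -tag_any_white
+cmdline_compl     -python            +python3/dyn       +terminal
"""

def parse_vim_version(text):
    """Return ((major, minor, patch), enabled_python_features)."""
    m = re.search(r"VIM - Vi IMproved (\d+)\.(\d+)", text)
    if not m:
        raise ValueError("input does not look like `vim --version` output")
    patch = 0  # a build with no 'Included patches' line is patch level 0
    p = re.search(r"^Included patches:\s*(.+)$", text, re.M)
    if p:
        # The list may read '1-1230' or '1-3, 5, 7-10'; take the highest number.
        patch = max(int(n) for n in re.findall(r"\d+", p.group(1)))
    # Match '+python' / '+python3', optionally with a '/dyn...' suffix;
    # '-python' (feature compiled out) is ignored.
    feats = set(re.findall(r"(?<!\S)\+(python3?)(?:/\S*)?(?!\S)", text))
    return (int(m.group(1)), int(m.group(2)), patch), feats

def assess(text):
    """Classify a build as 'patched', 'below-fix-no-python' or 'exposed'.

    Assumption: the version string reflects the fixes applied. A distribution
    may backport a fix without changing it, so confirm 'exposed' results
    against the vendor's own advisory.
    """
    version, feats = parse_vim_version(text)
    if version >= FIXED:
        return "patched"
    return "exposed" if feats else "below-fix-no-python"

if __name__ == "__main__":
    try:
        out = subprocess.run(["vim", "--version"], capture_output=True,
                             text=True, check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        out = SAMPLE  # fall back to the constructed sample
    print(parse_vim_version(out), assess(out))
```
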
