Vim Open Source Text Editor Vulnerability in Python Omni-Completion
CVE-2026-52860
7.5 HIGH
What is CVE-2026-52860?
Vim, a widely used open source command-line text editor, has a vulnerability in its Python omni-completion feature that allows code execution. Prior to version 9.2.0597, Vim executed reconstructed function and class definitions with Python's exec() function while populating the completion dictionary. An attacker could therefore craft a malicious buffer that executes arbitrary Python code during omni-completion, bypassing existing mitigation measures. The vulnerability is fixed in version 9.2.0597.
Affected Version(s)
vim < 9.2.0597
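
A check for the affected range above, as an added example (not code from the Vim project or from this advisory): it parses `vim --version` output and tests whether patch 597 is present in a 9.2 build. The function names and sample texts are constructed for illustration, and the script assumes that releases after 9.2 carry the fix forward.

```python
import re
import subprocess

FIXED = (9, 2, 597)  # first fixed version per the advisory: 9.2.0597

# Constructed samples in the layout `vim --version` prints (not real captures).
SAMPLE_AFFECTED = """VIM - Vi IMproved 9.2 (constructed sample)
Included patches: 1-412, 414-596
+python3/dyn -python
"""
SAMPLE_PATCHED = """VIM - Vi IMproved 9.2 (constructed sample)
Included patches: 1-597
-python3 -python
"""

def parse_vim_version(text):
    """Return (major, minor, set of included patch numbers)."""
    m = re.search(r"VIM - Vi IMproved (\d+)\.(\d+)", text)
    if not m:
        raise ValueError("input is not `vim --version` output")
    patches = set()
    listed = re.search(r"^Included patches:\s*(.+)$", text, re.MULTILINE)
    if listed:
        # Patches are printed as ranges with possible gaps: "1-412, 414-596".
        for part in listed.group(1).split(","):
            lo, _, hi = part.strip().partition("-")
            patches.update(range(int(lo), int(hi or lo) + 1))
    return int(m.group(1)), int(m.group(2)), patches

def is_affected(text):
    """True when the reported version is below 9.2.0597."""
    major, minor, patches = parse_vim_version(text)
    if (major, minor) != FIXED[:2]:
        # Assumption: releases after 9.2 carry the fix forward.
        return (major, minor) < FIXED[:2]
    # Within 9.2 the fix is the patch itself, so test for it directly rather
    # than trusting the highest listed number (builds can skip patches).
    return FIXED[2] not in patches

def has_python(text):
    """True when the build lists +python or +python3 (static or /dyn)."""
    return re.search(r"(?<!\S)\+python3?(?:/\S+)?(?!\S)", text) is not None

if __name__ == "__main__":
    out = subprocess.run(["vim", "--version"], capture_output=True, text=True).stdout
    print("affected:", is_affected(out), "| python support:", has_python(out))
```

The result reflects only what `vim --version` reports; a distribution build that backports the fix without listing patch 597 will still be flagged and needs to be checked against the vendor's advisory.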
