Vulnerability-Lookup

CVE-2026-34982 (GCVE-0-2026-34982)

Vulnerability from cvelistv5 – Published: 2026-04-06 15:16 – Updated: 2026-04-07 03:56

Title

Vim modeline bypass via various options affects Vim < 9.2.0276

Summary

Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue.

Severity ?

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/vim/vim/security/advisories/GH…	x_refsource_CONFIRM
	https://github.com/vim/vim/commit/75661a66a1db1e1…	x_refsource_MISC
	https://github.com/vim/vim/releases/tag/v9.2.0276	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	vim	vim	Affected: < 9.2.0276

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-04-06T15:19:17.901Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/01/1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-34982",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-06T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-07T03:56:01.436Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vim",
          "vendor": "vim",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 9.2.0276"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-06T15:16:48.809Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9"
        },
        {
          "name": "https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615"
        },
        {
          "name": "https://github.com/vim/vim/releases/tag/v9.2.0276",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vim/vim/releases/tag/v9.2.0276"
        }
      ],
      "source": {
        "advisory": "GHSA-8h6p-m6gr-mpw9",
        "discovery": "UNKNOWN"
      },
      "title": "Vim modeline bypass via various options affects Vim \u003c 9.2.0276"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-34982",
    "datePublished": "2026-04-06T15:16:48.809Z",
    "dateReserved": "2026-03-31T19:38:31.617Z",
    "dateUpdated": "2026-04-07T03:56:01.436Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-34982\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-04-06T16:16:38.777\",\"lastModified\":\"2026-04-07T13:20:11.643\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":5.8}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"references\":[{\"url\":\"https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/vim/vim/releases/tag/v9.2.0276\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9\",\"source\":\"security-advisories@github.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/04/01/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2026/04/01/1\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-04-06T15:19:17.901Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-34982\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-06T15:33:37.790133Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-06T15:33:40.983Z\"}}], \"cna\": {\"title\": \"Vim modeline bypass via various options affects Vim \u003c 9.2.0276\", \"source\": {\"advisory\": \"GHSA-8h6p-m6gr-mpw9\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.2, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"vim\", \"product\": \"vim\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 9.2.0276\"}]}], \"references\": [{\"url\": \"https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9\", \"name\": \"https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615\", \"name\": \"https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/vim/vim/releases/tag/v9.2.0276\", \"name\": \"https://github.com/vim/vim/releases/tag/v9.2.0276\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-04-06T15:16:48.809Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-34982\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-06T15:40:39.509Z\", \"dateReserved\": \"2026-03-31T19:38:31.617Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-04-06T15:16:48.809Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2026-34982

Vulnerability from fkie_nvd - Published: 2026-04-06 16:16 - Updated: 2026-04-07 13:20

Severity ?

8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615
	security-advisories@github.com	https://github.com/vim/vim/releases/tag/v9.2.0276
	security-advisories@github.com	https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2026/04/01/1

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue."
    }
  ],
  "id": "CVE-2026-34982",
  "lastModified": "2026-04-07T13:20:11.643",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.8,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-04-06T16:16:38.777",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/vim/vim/releases/tag/v9.2.0276"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/01/1"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

CERTFR-2026-AVI-0406

Vulnerability from certfr_avis - Published: 2026-04-08 - Updated: 2026-04-08

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	azl3 python-ecdsa 0.18.0-2 versions antérieures à 0.19.2-1
Microsoft	N/A	azl3 freeipmi 1.6.11-1 versions antérieures à 1.6.17-1
Microsoft	N/A	azl3 kernel 6.6.130.1-3 versions antérieures à 6.6.130.1-3
Microsoft	N/A	azl3 nodejs 20.14.0-14 versions antérieures à 20.14.0-15
Microsoft	N/A	azl3 gdk-pixbuf2 2.42.10-4 versions antérieures à 2.42.10-5
Microsoft	N/A	azl3 vim 9.2.0240-1 versions antérieures à 9.2.0315-1
Microsoft	N/A	azl3 telegraf 1.31.0-17 versions antérieures à 1.31.0-18

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2026-33554	2026-04-02	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-34982	2026-04-08	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-33936	2026-03-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-21714	2026-04-01	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-21710	2026-04-01	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-31394	2026-04-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-29785	2026-04-02	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-5201	2026-04-02	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-21713	2026-04-01	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-33216	2026-04-02	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-21715	2026-04-01	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-21716	2026-04-01	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-34714	2026-04-01	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-35177	2026-04-08	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "azl3 python-ecdsa 0.18.0-2 versions ant\u00e9rieures \u00e0 0.19.2-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 freeipmi 1.6.11-1 versions ant\u00e9rieures \u00e0 1.6.17-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 kernel 6.6.130.1-3 versions ant\u00e9rieures \u00e0 6.6.130.1-3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 nodejs 20.14.0-14 versions ant\u00e9rieures \u00e0 20.14.0-15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 gdk-pixbuf2 2.42.10-4 versions ant\u00e9rieures \u00e0 2.42.10-5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 vim 9.2.0240-1 versions ant\u00e9rieures \u00e0 9.2.0315-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 telegraf 1.31.0-17 versions ant\u00e9rieures \u00e0 1.31.0-18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-34714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34714"
    },
    {
      "name": "CVE-2026-33936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33936"
    },
    {
      "name": "CVE-2026-34982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34982"
    },
    {
      "name": "CVE-2026-33554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33554"
    },
    {
      "name": "CVE-2026-5201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-5201"
    },
    {
      "name": "CVE-2026-31394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-31394"
    },
    {
      "name": "CVE-2026-21715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21715"
    },
    {
      "name": "CVE-2026-21716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21716"
    },
    {
      "name": "CVE-2026-21714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21714"
    },
    {
      "name": "CVE-2026-33216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33216"
    },
    {
      "name": "CVE-2026-21713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21713"
    },
    {
      "name": "CVE-2026-35177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-35177"
    },
    {
      "name": "CVE-2026-29785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-29785"
    },
    {
      "name": "CVE-2026-21710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21710"
    }
  ],
  "initial_release_date": "2026-04-08T00:00:00",
  "last_revision_date": "2026-04-08T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0406",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-04-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": "2026-04-02",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-33554",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33554"
    },
    {
      "published_at": "2026-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-34982",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34982"
    },
    {
      "published_at": "2026-03-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-33936",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33936"
    },
    {
      "published_at": "2026-04-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-21714",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21714"
    },
    {
      "published_at": "2026-04-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-21710",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21710"
    },
    {
      "published_at": "2026-04-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-31394",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-31394"
    },
    {
      "published_at": "2026-04-02",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-29785",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-29785"
    },
    {
      "published_at": "2026-04-02",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-5201",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5201"
    },
    {
      "published_at": "2026-04-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-21713",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21713"
    },
    {
      "published_at": "2026-04-02",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-33216",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33216"
    },
    {
      "published_at": "2026-04-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-21715",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21715"
    },
    {
      "published_at": "2026-04-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-21716",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21716"
    },
    {
      "published_at": "2026-04-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-34714",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34714"
    },
    {
      "published_at": "2026-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-35177",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35177"
    }
  ]
}

MSRC_CVE-2026-34982

Vulnerability from csaf_microsoft - Published: 2026-04-02 00:00 - Updated: 2026-04-09 01:02

Summary

Vim modeline bypass via various options affects Vim < 9.2.0276

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

CVE-2026-34982

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

None Available There is no fix available for this vulnerability as of now

Vendor Fix 9.2.0315-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade https://learn.microsoft.com/en-us/azure/azure-lin…

References

URL

Category

	https://msrc.microsoft.com/csaf/vex/2026/msrc_cve…	self
	https://support.microsoft.com/lifecycle	external
	https://www.first.org/cvss	external
	https://msrc.microsoft.com/csaf/vex/2026/msrc_cve…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2026-34982 Vim modeline bypass via various options affects Vim \u003c 9.2.0276 - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-34982.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Vim modeline bypass via various options affects Vim \u003c 9.2.0276",
    "tracking": {
      "current_release_date": "2026-04-09T01:02:34.000Z",
      "generator": {
        "date": "2026-04-09T07:14:16.755Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2026-34982",
      "initial_release_date": "2026-04-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-04-08T01:01:19.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2026-04-09T01:02:34.000Z",
          "legacy_version": "2",
          "number": "2",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              },
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "cbl2 vim 9.2.0240-1",
                "product": {
                  "name": "cbl2 vim 9.2.0240-1",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 vim 9.2.0240-1",
                "product": {
                  "name": "\u003cazl3 vim 9.2.0240-1",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 vim 9.2.0240-1",
                "product": {
                  "name": "azl3 vim 9.2.0240-1",
                  "product_id": "21147"
                }
              }
            ],
            "category": "product_name",
            "name": "vim"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 vim 9.2.0240-1 as a component of CBL Mariner 2.0",
          "product_id": "17086-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 vim 9.2.0240-1 as a component of Azure Linux 3.0",
          "product_id": "17084-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 vim 9.2.0240-1 as a component of Azure Linux 3.0",
          "product_id": "21147-17084"
        },
        "product_reference": "21147",
        "relates_to_product_reference": "17084"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-34982",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "general",
          "text": "GitHub_M",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "21147-17084"
        ],
        "known_affected": [
          "17086-1",
          "17084-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-34982 Vim modeline bypass via various options affects Vim \u003c 9.2.0276 - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-34982.json"
        }
      ],
      "remediations": [
        {
          "category": "none_available",
          "date": "2026-04-08T01:01:19.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17086-1"
          ]
        },
        {
          "category": "vendor_fix",
          "date": "2026-04-08T01:01:19.000Z",
          "details": "9.2.0315-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-2"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "temporalScore": 8.2,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "17086-1",
            "17084-2"
          ]
        }
      ],
      "title": "Vim modeline bypass via various options affects Vim \u003c 9.2.0276"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-34982 (GCVE-0-2026-34982)

FKIE_CVE-2026-34982

CERTFR-2026-AVI-0406

Solutions

MSRC_CVE-2026-34982

Tags

Sightings

Nomenclature