{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-34982","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2026-03-31T19:38:31.617Z","datePublished":"2026-04-06T15:16:48.809Z","dateUpdated":"2026-07-15T01:03:29.473Z"},"containers":{"cna":{"title":"Vim modeline bypass via various options affects Vim < 9.2.0276","problemTypes":[{"descriptions":[{"cweId":"CWE-78","lang":"en","description":"CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":8.2,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N","version":"3.1"}}],"references":[{"name":"https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9","tags":["x_refsource_CONFIRM"],"url":"https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9"},{"name":"https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615","tags":["x_refsource_MISC"],"url":"https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615"},{"name":"https://github.com/vim/vim/releases/tag/v9.2.0276","tags":["x_refsource_MISC"],"url":"https://github.com/vim/vim/releases/tag/v9.2.0276"}],"affected":[{"vendor":"vim","product":"vim","versions":[{"version":"< 9.2.0276","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2026-04-06T15:16:48.809Z"},"descriptions":[{"lang":"en","value":"Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue."}],"source":{"advisory":"GHSA-8h6p-m6gr-mpw9","discovery":"UNKNOWN"}},"adp":[{"title":"CVE Program Container","references":[{"url":"http://www.openwall.com/lists/oss-security/2026/04/01/1"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2026-04-06T15:19:17.901Z"}},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-04-06T00:00:00+00:00","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3","id":"CVE-2026-34982"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-07T03:56:01.436Z"}},{"affected":[{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"],"defaultStatus":"affected","packageName":"vim","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"2:9.1.083-6.el10_1.4","versionType":"rpm"},{"lessThan":"*","status":"unaffected","version":"2:9.1.083-9.el10_2.2","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"defaultStatus":"affected","packageName":"vim","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"2:9.1.083-5.el10_0.3","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:8","cpe:/o:redhat:enterprise_linux:8"],"defaultStatus":"affected","packageName":"vim","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"2:8.0.1763-22.el8_10.3","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_aus:8.4"],"defaultStatus":"affected","packageName":"vim","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"2:8.0.1763-15.el8_4.2","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_eus_long_life:8.4"],"defaultStatus":"affected","packageName":"vim","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"2:8.0.1763-15.el8_4.2","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_aus:8.6"],"defaultStatus":"affected","packageName":"vim","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"2:8.0.1763-19.el8_6.6","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_eus_long_life:8.6"],"defaultStatus":"affected","packageName":"vim","product":"Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"2:8.0.1763-19.el8_6.6","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_tus:8.8"],"defaultStatus":"affected","packageName":"vim","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"2:8.0.1763-20.el8_8.2","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_e4s:8.8"],"defaultStatus":"affected","packageName":"vim","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"2:8.0.1763-20.el8_8.2","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:9","cpe:/o:redhat:enterprise_linux:9"],"defaultStatus":"affected","packageName":"vim","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"2:8.2.2637-23.el9_7.3","versionType":"rpm"},{"lessThan":"*","status":"unaffected","version":"2:8.2.2637-26.el9_8.4","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_e4s:9.2"],"defaultStatus":"affected","packageName":"vim","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"2:8.2.2637-20.el9_2.2","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_e4s:9.4"],"defaultStatus":"affected","packageName":"vim","product":"Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"2:8.2.2637-20.el9_4.3","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_eus:9.6"],"defaultStatus":"affected","packageName":"vim","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"2:8.2.2637-22.el9_6.3","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"],"defaultStatus":"affected","packageName":"rhaiis/model-opt-cuda-rhel9","product":"Red Hat AI Inference Server 3.2","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1782951051","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"],"defaultStatus":"affected","packageName":"rhaiis/vllm-cuda-rhel9","product":"Red Hat AI Inference Server 3.2","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1782951012","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"],"defaultStatus":"affected","packageName":"rhaiis/vllm-rocm-rhel9","product":"Red Hat AI Inference Server 3.2","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1782951244","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:ai_inference_server:3.3::el9"],"defaultStatus":"affected","packageName":"rhaiis/model-opt-cuda-rhel9","product":"Red Hat AI Inference Server 3.3","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1782352950","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:ai_inference_server:3.3::el9"],"defaultStatus":"affected","packageName":"rhaiis/vllm-spyre-rhel9","product":"Red Hat AI Inference Server 3.3","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1782352919","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:ai_inference_server:3.3::el9"],"defaultStatus":"affected","packageName":"rhaiis/vllm-rocm-rhel9","product":"Red Hat AI Inference Server 3.3","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1782353093","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:ai_inference_server:3.3::el9"],"defaultStatus":"affected","packageName":"rhaiis/vllm-cuda-rhel9","product":"Red Hat AI Inference Server 3.3","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1782352847","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:insights_proxy:1.5::el9"],"defaultStatus":"affected","packageName":"insights-proxy/insights-proxy-container-rhel9","product":"Red Hat Insights proxy 1.5","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1780420428","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:rhui:5::el9"],"defaultStatus":"affected","packageName":"rhui5/cds-rhel9","product":"Red Hat Update Infrastructure 5","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1779798159","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:rhui:5::el9"],"defaultStatus":"affected","packageName":"rhui5/haproxy-rhel9","product":"Red Hat Update Infrastructure 5","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1779798164","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:rhui:5::el9"],"defaultStatus":"affected","packageName":"rhui5/installer-rhel9","product":"Red Hat Update Infrastructure 5","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1779798165","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:rhui:5::el9"],"defaultStatus":"affected","packageName":"rhui5/rhua-rhel9","product":"Red Hat Update Infrastructure 5","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1779798222","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:6"],"defaultStatus":"affected","packageName":"vim","product":"Red Hat Enterprise Linux 6","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:7"],"defaultStatus":"affected","packageName":"vim","product":"Red Hat Enterprise Linux 7","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4","vendor":"Red Hat"}],"datePublic":"2026-04-06T15:16:48.809Z","descriptions":[{"lang":"en","value":"A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the `complete`, `guitabtooltip`, `printheader` options and the `mapset` function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":8.2,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-78","description":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-34982"},{"name":"RHBZ#2455400","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455400"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34982.json"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:30900"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:11389"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19073"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:11509"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:33453"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:34477"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:34476"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:28133"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:28049"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:28050"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:11510"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19224"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:36004"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:36005"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:36006"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:30078"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:30089"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:30088"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:30087"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:22634"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:21275"}],"solutions":[{"lang":"en","value":"RHSA-2026:30900: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0)"},{"lang":"en","value":"RHSA-2026:11389: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10)"},{"lang":"en","value":"RHSA-2026:19073: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10)"},{"lang":"en","value":"RHSA-2026:11509: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux BaseOS (v. 8)"},{"lang":"en","value":"RHSA-2026:33453: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4), Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)"},{"lang":"en","value":"RHSA-2026:34477: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6), Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)"},{"lang":"en","value":"RHSA-2026:34476: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8), Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)"},{"lang":"en","value":"RHSA-2026:28133: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)"},{"lang":"en","value":"RHSA-2026:28049: Red Hat Enterprise Linux AppStream E4S (v.9.4), Red Hat Enterprise Linux BaseOS E4S (v.9.4)"},{"lang":"en","value":"RHSA-2026:28050: Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6)"},{"lang":"en","value":"RHSA-2026:11510: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9)"},{"lang":"en","value":"RHSA-2026:19224: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9)"},{"lang":"en","value":"RHSA-2026:36004: Red Hat AI Inference Server 3.2"},{"lang":"en","value":"RHSA-2026:36005: Red Hat AI Inference Server 3.2"},{"lang":"en","value":"RHSA-2026:36006: Red Hat AI Inference Server 3.2"},{"lang":"en","value":"RHSA-2026:30078: Red Hat AI Inference Server 3.3"},{"lang":"en","value":"RHSA-2026:30089: Red Hat AI Inference Server 3.3"},{"lang":"en","value":"RHSA-2026:30088: Red Hat AI Inference Server 3.3"},{"lang":"en","value":"RHSA-2026:30087: Red Hat AI Inference Server 3.3"},{"lang":"en","value":"RHSA-2026:22634: Red Hat Insights proxy 1.5"},{"lang":"en","value":"RHSA-2026:21275: Red Hat Update Infrastructure 5"}],"timeline":[{"lang":"en","time":"2026-04-06T16:02:10.004Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-04-06T15:16:48.809Z","value":"Made public."}],"title":"vim: arbitrary command execution via modeline sandbox bypass","workarounds":[{"lang":"en","value":"To mitigate this issue, disable the modeline support by adding the following command to the Vim configuration file:\n\n~~~\nset nomodeline\n~~~"}],"x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-07-15T01:03:29.473Z"}}]}}