CVE-2026-44656

Severity: Medium (CVSS 4.0 base score 4.6) · EPSS: 55.7%
Published: May 8, 2026 · Last modified: Jun 17, 2026

Description

Vim is an open source, command-line text editor. Before version 9.2.0435, an OS command injection vulnerability exists in the command-line completion for Vim's :find command. When the 'path' option contains backtick-enclosed shell commands, those commands are executed during file-name completion (for example when the user types :find followed by a space and presses Tab). Because 'path' lacks the P_SECURE flag, it can be set from a modeline, so an attacker who controls the contents of a file can execute arbitrary shell commands, with the privileges of the Vim user, when that user opens the file in Vim and triggers :find completion. This issue has been patched in version 9.2.0435.
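The modeline vector described above can be checked for before a file is opened. The scanner below is an added example for this page, not code from the Vim project or from the advisory: it applies Vim's modeline rules (both the "vim: opt:opt" and "vim: set opt opt:" forms, the 'pa' abbreviation of 'path', the "+=", "^=" and "-=" modifiers, and the default window of the first and last five lines) and reports any in-window modeline that sets 'path' to a value containing a backtick. The sample files at the bottom are constructed for the demonstration, and the regular expressions are an assumption-based reimplementation of the grammar in :help modeline, not Vim's own parser.

```python
"""
Scan text for Vim modelines that set the 'path' option (or its 'pa'
abbreviation) to a value containing backticks, the vector described for
CVE-2026-44656.  Added example for this page; not Vim project code and
not code from the advisory.  The modeline grammar follows :help modeline
as a simplified reimplementation; the samples below are constructed.
"""
import re
import sys
from typing import List, Tuple

# Vim only inspects the first and last 'modelines' lines of a buffer
# (default 5), so a modeline buried mid-file is never processed.
MODELINES_DEFAULT = 5

# Modeline introducer: vi:, vim:, Vim:, ex:, optionally versioned as
# vim<NNN:, vim=NNN:, vim>NNN:.  Simplification: it must sit at the start
# of the line or after whitespace for all four spellings.
_INTRO = re.compile(r"(?:^|\s)(?:vi|vim|Vim|ex)(?:[<=>]\d+)?:\s*(.*)$")

# 'set' / 'se' form: options run up to the first unescaped ':'.
_SET_FORM = re.compile(r"se(?:t)?\s+(.*)$")

# 'path' or 'pa', with plain '=' or the '+=', '^=', '-=' modifiers.
_PATH_OPT = re.compile(r"^(?:path|pa)[+^-]?=(.*)$")


def modeline_options(line: str) -> List[str]:
    """Return the option tokens a modeline on this line would hand to :set."""
    m = _INTRO.search(line)
    if not m:
        return []
    rest = m.group(1)
    set_form = _SET_FORM.match(rest)
    if set_form:
        # Second form: everything up to the first unescaped ':' is options,
        # separated by unescaped whitespace (a literal space is written "\ ").
        body = re.split(r"(?<!\\):", set_form.group(1), maxsplit=1)[0]
        tokens = re.split(r"(?<!\\)\s+", body)
    else:
        # First form: options separated by whitespace or ':' to end of line.
        tokens = re.split(r"(?<!\\):|(?<!\\)\s+", rest)
    return [t.replace("\\:", ":") for t in tokens if t]


def find_path_backtick_modelines(
    text: str, modelines: int = MODELINES_DEFAULT
) -> List[Tuple[int, str]]:
    """Return (line_number, option_token) for each modeline inside Vim's
    head/tail window that sets 'path' to a value containing a backtick."""
    lines = text.splitlines()
    n = len(lines)
    window = sorted(
        set(range(0, min(modelines, n))) | set(range(max(n - modelines, 0), n))
    )
    hits: List[Tuple[int, str]] = []
    for idx in window:
        for opt in modeline_options(lines[idx]):
            m = _PATH_OPT.match(opt)
            if m and "`" in m.group(1):
                hits.append((idx + 1, opt))
    return hits


# Constructed sample: a shell script whose trailing modeline sets 'path'
# with a backtick command (the space inside it escaped as "\ ").
SAMPLE_SUSPICIOUS = "\n".join([
    "#!/bin/sh",
    "echo hello",
    "# vim: set ts=4 sw=4 path=.,`echo\\ pwned`: ft=sh",
])

# Constructed sample: the first modeline form, using the 'pa' abbreviation.
SAMPLE_FIRST_FORM = "-- vim:ts=4:pa+=`uname`:sw=4"

# Constructed sample: ordinary modelines, including a harmless 'path'.
SAMPLE_CLEAN = "\n".join([
    "# vim: set ts=4 sw=4 et:",
    "# vim: set path=.,/usr/include,,:",
])

# Constructed sample: the decoy on line 6 lies outside the 5-line window
# and is ignored, exactly as Vim ignores it; line 11 is reported.
SAMPLE_LONG = "\n".join(
    ["line %d" % i for i in range(1, 6)]
    + ["# vim: set path=`id`:"]
    + ["line %d" % i for i in range(7, 11)]
    + ["# vim: set path=`id`:"]
)


if __name__ == "__main__":
    for name in sys.argv[1:] or []:
        with open(name, encoding="utf-8", errors="replace") as fh:
            for lineno, opt in find_path_backtick_modelines(fh.read()):
                print(f"{name}:{lineno}: modeline sets {opt}")
```

Run it as "python3 scan_modelines.py FILE..." to list offending lines. A hit does not by itself prove exploitation, since :find completion still has to be triggered by the user, but a file that sets 'path' from a modeline with a backtick in the value has no legitimate reason to do so and should be quarantined.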

CVSS Details

Base Score: 4.6 (CVSS 4.0, Medium)
Vector string:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Exploitability
Attack Vector: Local
Attack Complexity: Low
Attack Requirements: None
Privileges Required: None
User Interaction: Active (the victim must open the attacker-controlled file and trigger :find completion)

Impact
Vulnerable System: Confidentiality Low, Integrity Low, Availability None
Subsequent System: Confidentiality None, Integrity None, Availability None
Scope: not a CVSS 4.0 metric (the v3 Scope metric was replaced by the Subsequent System impact metrics); the S:X in the vector is the supplemental Safety metric, left not defined

Threat Intelligence

EPSS Exploit Probability: 55.7% percentile
Exploit Status: No Known Exploit
Patch Status: Patch Available

Weaknesses (1)

CWE-78: OS Command Injection (category: Injection)

Affected Products (1)

Vendor   Product   Version   Range
vim      vim       *         < 9.2.0435

References (3)

  • github.com https://github.com/vim/vim/commit/190cb3c2b9c769a3972bcfd991a7b5b6cb771ef0
    Patch
  • github.com https://github.com/vim/vim/releases/tag/v9.2.0435
    Product
  • github.com https://github.com/vim/vim/security/advisories/GHSA-hwg5-3cxw-wvvg
    Patch, Vendor Advisory

Remediation

Upgrade Vim to 9.2.0435 or later; the fix is the commit referenced below. The installed build can be checked with "vim --version", whose "Included patches:" line lists the applied patch numbers (a 9.2 build is fixed once that list includes 435). Until the upgrade is in place, adding "set nomodeline" to the vimrc blocks the modeline vector described above, but it is a mitigation only: it does not change the completion code, so on versions before 9.2.0435 a 'path' value containing backticks that reaches Vim by any other route is still executed during :find completion.

  • github.com https://github.com/vim/vim/commit/190cb3c2b9c769a3972bcfd991a7b5b6cb771ef0
    Patch
  • github.com https://github.com/vim/vim/security/advisories/GHSA-hwg5-3cxw-wvvg
    Patch, Vendor Advisory