CVE-2026-46483

HIGH EPSS 42.0%
Published May 15, 2026 · Modified Jun 17, 2026
7.0 CVSS 3.1
High

Description

Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescape(tartail) without the {special} flag, allowing a crafted archive filename to trigger Vim cmdline-special expansion and execute shell commands in the user's context. This vulnerability is fixed in 9.2.0479.
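An added check, not part of this record or of the Vim project: a POSIX shell function that parses `vim --version` output and reports whether the build is older than the fixed release 9.2.0479 named above. The sample version strings are constructed; the only assumption is the standard layout of that output (a `VIM - Vi IMproved X.Y` line and an optional `Included patches:` line).

```shell
#!/bin/sh
# Decide from `vim --version` output whether a build predates 9.2.0479.
# Assumed output layout (the usual one):
#   VIM - Vi IMproved 9.1 (2024 Jan 02, compiled ...)
#   Included patches: 1-1234        (may be a list such as "1-50, 52-100")

# vim_version_is_fixed "<vim --version output>"
# exit 0: 9.2.0479 or later; 1: older, i.e. affected; 2: unparseable output
vim_version_is_fixed() {
    out=$1
    ver=$(printf '%s\n' "$out" |
        sed -n 's/^VIM - Vi IMproved \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] || return 2
    major=${ver%%.*}
    minor=${ver#*.}
    # highest patch number on the "Included patches:" line, 0 when absent
    patch=$(printf '%s\n' "$out" |
        awk -F': ' '/^Included patches:/ {
            sub(/[ \t]+$/, "", $2); n = split($2, a, /[-, ]+/); print a[n]; exit }')
    patch=${patch:-0}
    [ "$major" -gt 9 ] && return 0
    [ "$major" -lt 9 ] && return 1
    [ "$minor" -gt 2 ] && return 0
    [ "$minor" -lt 2 ] && return 1
    [ "$patch" -ge 479 ]
}

# Constructed sample outputs (not captured from real builds)
SAMPLE_OLD='VIM - Vi IMproved 9.1 (2024 Jan 02, compiled Mar 01 2025 10:00:00)
Included patches: 1-1234'
SAMPLE_NEW='VIM - Vi IMproved 9.2 (2026 Mar 01, compiled May 20 2026 10:00:00)
Included patches: 1-50, 52-480'

# Report on the vim found in PATH; a missing binary yields the "not found" case
report_installed_vim() {
    vim_version_is_fixed "$(vim --version 2>/dev/null)" && rc=0 || rc=$?
    case $rc in
        0) echo "vim: 9.2.0479 or later, not affected by CVE-2026-46483" ;;
        1) echo "vim: older than 9.2.0479, update (CVE-2026-46483)" ;;
        *) echo "vim: not found or version output not understood" ;;
    esac
}

report_installed_vim
```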

CVSS Details

Base Score
7.0
Exploitability
1.0
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity High
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
42.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-78 OS Command Injection (Injection)
CWE-88

Affected Products 1

Vendor  Product  Version  Range
vim     vim      *        <9.2.0479

References 3

  • github.com https://github.com/vim/vim/commit/3fb5e58fbc63d86a3e65f1a141b0d67af2aa38a1
    Patch
  • github.com https://github.com/vim/vim/releases/tag/v9.2.0479
    Product
  • github.com https://github.com/vim/vim/security/advisories/GHSA-2fpv-9ff7-xg5w
    Patch, Vendor Advisory

Remediation

  • github.com https://github.com/vim/vim/commit/3fb5e58fbc63d86a3e65f1a141b0d67af2aa38a1
    Patch
  • github.com https://github.com/vim/vim/security/advisories/GHSA-2fpv-9ff7-xg5w
    Patch, Vendor Advisory