CVE-2026-47167
Severity MEDIUM · CVSS 4.0 base score 5.1 · EPSS 3.3%
Published Jun 11, 2026 · Last Modified Jun 17, 2026
Description
Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch() in the cucumber filetype plugin (runtime/ftplugin/cucumber.vim) on Vim builds with +ruby support. Step-definition patterns read from .rb files under the repository's features/*/ or stories/*/ directories are embedded into a Ruby Kernel.eval argument without sufficient escaping, allowing a crafted pattern in an attacker-controlled repository to execute arbitrary Ruby (and through it arbitrary shell commands) when the user invokes a step-jump mapping ([d, ]d). This issue has been patched in version 9.2.0496.
CVSS Details
Base Score 5.1 (CVSS 4.0)
Vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Attack Requirements None
Privileges Required Low
User Interaction Passive
Threat Intelligence
EPSS Exploit Probability 3.3%
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 2
- CWE-94 Improper Control of Generation of Code ('Code Injection')
- CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| vim | vim | * | <9.2.0496 |
References 3
- github.com https://github.com/vim/vim/commit/a65a52d684bc58535ad28a4ae824d22e76399934
- github.com https://github.com/vim/vim/releases/tag/v9.2.0496
- github.com https://github.com/vim/vim/security/advisories/GHSA-4473-94jm-w5x9
Remediation
- github.com https://github.com/vim/vim/commit/a65a52d684bc58535ad28a4ae824d22e76399934