CVE-2026-47167

Severity: Medium (CVSS 4.0 base score 5.1) · EPSS 3.3%
Published Jun 11, 2026 · Modified Jun 17, 2026

Description

Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch() in the cucumber filetype plugin (runtime/ftplugin/cucumber.vim) on Vim builds with +ruby support. Step-definition patterns read from .rb files under the repository's features/*/ or stories/*/ directories are embedded into a Ruby Kernel.eval argument without sufficient escaping, allowing a crafted pattern in an attacker-controlled repository to execute arbitrary Ruby (and through it arbitrary shell commands) when the user invokes a step-jump mapping ([d, ]d). This issue has been patched in version 9.2.0496.
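The advisory describes the bug class (a pattern string spliced into a Kernel.eval argument) but does not reproduce the plugin's code. The Ruby below is an added illustration, not code from cucumber.vim or from the fix commit: both matching functions, the sample step-definition patterns and the assumed pattern format are hypothetical. It places the eval-based anti-pattern beside a hardened form that compiles the pattern as data with Regexp.new, so the pattern can only ever be a regular expression and a malformed one is reported as "no match" rather than as executed code or an uncaught error.

```ruby
# Added example, not Vim's cucumber.vim code. The advisory says a
# step-definition pattern is embedded into a Kernel.eval argument; these
# functions are hypothetical stand-ins for that matching step.

# Constructed sample: the text of step-definition regexes as they might be
# extracted from a features/step_definitions/*.rb file (assumed format).
STEP_PATTERNS = [
  '^I have (\d+) cukes in my belly$',
  '^I eat (\d+) cukes$',
].freeze

# Anti-pattern (CWE-95): the pattern text is spliced into Ruby source and
# evaluated. Any character sequence that terminates the regex literal turns
# the rest of the pattern into Ruby code, which is the class of bug the
# advisory describes.
def step_matches_unsafe?(pattern, line)
  Kernel.eval("/#{pattern}/ =~ #{line.inspect}") ? true : false
end

# Hardened form: the pattern is compiled as data, never as source. Whatever
# the pattern contains, the only thing it can do is match or fail to match.
# A syntactically bad pattern raises RegexpError and is treated as no match.
def step_matches_safe?(pattern, line)
  re = Regexp.new(pattern)
  !(re =~ line).nil?
rescue RegexpError
  false
end

# Return the index of the first step definition that matches a feature
# line, or nil when none does (this is what a step-jump would use).
def find_step(line, patterns = STEP_PATTERNS)
  patterns.index { |p| step_matches_safe?(p, line) }
end

if __FILE__ == $PROGRAM_NAME
  p find_step('I have 3 cukes in my belly')  # 0
  p find_step('I eat 2 cukes')               # 1
  p find_step('I drink water')               # nil
  # Quotes and semicolons inside a pattern stay plain regex text here.
  p step_matches_safe?('^ok"; x = 1; "$', 'ok"; x = 1; "')  # true
  # An unbalanced group is reported as no match, not as an exception.
  p step_matches_safe?('(', 'x')  # false
end
```

The design point is that the hardened version never builds Ruby source from repository content at all; escaping the pattern for the eval string would be the weaker fix, since every metacharacter that can end a regex literal would have to be handled. Regexp.new also accepts untrusted input safely in the sense the advisory cares about (no code execution), although a hostile pattern can still be slow to match, which is a separate concern.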

CVSS Details

Base Score
5.1
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction Passive (UI:P)
Scope Not defined (X)

Threat Intelligence

EPSS Exploit Probability
3.3%
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-94 Improper Control of Generation of Code ('Code Injection')
CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

Affected Products 1

Vendor  Product  Version  Range
vim     vim      *        <9.2.0496

References 3

  • github.com https://github.com/vim/vim/commit/a65a52d684bc58535ad28a4ae824d22e76399934
    Patch
  • github.com https://github.com/vim/vim/releases/tag/v9.2.0496
    Product
  • github.com https://github.com/vim/vim/security/advisories/GHSA-4473-94jm-w5x9
    Vendor Advisory

Remediation

  • github.com https://github.com/vim/vim/commit/a65a52d684bc58535ad28a4ae824d22e76399934
    Patch