
CVE

CVE-2026-34982

vim: arbitrary command execution via modeline sandbox bypass (important)

DOCUMENTATION: A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the complete, guitabtooltip, and printheader options and the mapset function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution.

STATEMENT: To exploit this vulnerability, an attacker needs to convince a user to open a specially crafted file. The arbitrary OS command execution is restricted to the privileges of the user running Vim, limiting the potential of a full system compromise.

MITIGATION: To mitigate this issue, disable the modeline support by adding the following command to the Vim configuration file:

set nomodeline
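
For triage before or alongside that mitigation, the following added example (not part of the advisory or of Vim) flags files whose modelines touch the three options named above. It assumes the modeline grammar from Vim's documentation, the short names cpt, gtt and pheader, and the default of 5 modeline lines; the sample input is constructed, and mapset is not covered because it is a function, not an option.

```python
import re

# Options named in the advisory, keyed by Vim's long and short names.
AFFECTED = {"complete": "complete", "cpt": "complete",
            "guitabtooltip": "guitabtooltip", "gtt": "guitabtooltip",
            "printheader": "printheader", "pheader": "printheader"}

# Modeline prefix: vi: / vim: / Vim: (optionally with a version test) at line
# start or after whitespace, or ex: after whitespace.
MODELINE = re.compile(r"(?:(?:^|\s)(?:vi|[vV]im(?:>=|[<>=])?\d*)|\sex):\s*(.*)$")


def modeline_options(line):
    """Return the option tokens a modeline on this line would set."""
    m = MODELINE.search(line)
    if not m:
        return []
    body = m.group(1)
    set_form = re.match(r"set?\s+(.*)", body)
    if set_form:
        # "se[t] opts:" form: options end at the first unescaped ':'.
        body = re.split(r"(?<!\\):", set_form.group(1), maxsplit=1)[0]
        tokens = re.split(r"(?<!\\)\s+", body)
    else:
        # Bare form: options are separated by whitespace or ':'.
        tokens = re.split(r"(?<!\\)[:\s]+", body)
    return [t for t in tokens if t]


def scan(text, modelines=5):
    """List (line_no, option, token) for affected options set by a modeline."""
    lines = text.splitlines()
    n = len(lines)
    # Vim reads modelines only from the first and last 'modelines' lines.
    window = sorted(set(range(min(modelines, n))) | set(range(max(n - modelines, 0), n)))
    hits = []
    for i in window:
        for token in modeline_options(lines[i]):
            name = re.match(r"[a-z]+", token)
            if name and name.group(0) in AFFECTED:
                hits.append((i + 1, AFFECTED[name.group(0)], token))
    return hits


# Constructed sample: 12 lines, modelines on lines 1, 7 and 12 with benign values.
SAMPLE = "\n".join(["# vim: set ts=4 pheader=%<%f :"] + ["text"] * 5 +
                   ["# vim: gtt=%f"] + ["text"] * 4 +
                   ["# vi:sw=2:cpt=.,w:completeopt=menu"])

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A hit means only that a modeline sets one of the affected options, so the file deserves review before it is opened in an unpatched Vim with modelines enabled.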


CVSS Version

Base Score: 8.2
CVSS Version: 3.1
Score Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N


References

https://access.redhat.com/security/cve/CVE-2026-34982


Basic Information

Ecosystem
Base CVSS: 0
EPSS Probability: 0.00034%
EPSS Percentile: 0.1048%
Introduced Version: 0
Fix Available: 2:8.0.1763-22.el8_10.3, 2:8.2.2637-26.el9_8.4, 2:8.2.2637-23.el9_7.3, 2:9.1.0016-1ubuntu7.11, 2:8.1.2269-1ubuntu5.32+esm3, 2:8.2.3995-1ubuntu2.27, 9.2.0276, 9.2.0280-r0, 2:8.0.1763-22.0.1.el8_10.3, 2:8.2.2637-23.0.1.el9_7.3, 2:9.2.240-1.amzn2023.0.2, 2:9.0.2153-1.amzn2.0.5
