Vim Vulnerability - Arbitrary Code Execution Risk
Summary
CERT-Bund issued security advisory WID-SEC-2026-0940 warning of a high-severity vulnerability in Vim (Vi IMproved) text editor versions prior to 9.2.0276. The vulnerability carries a CVSS Base Score of 8.2 and allows remote anonymous attackers to execute arbitrary code. Mitigation is available; users should upgrade to the latest version.
What changed
CERT-Bund published advisory WID-SEC-2026-0940 detailing a vulnerability in Vim text editor affecting versions below 9.2.0276. The flaw has a CVSS Base Score of 8.2 (High) and Temporal Score of 7.1, enabling remote anonymous attackers to execute arbitrary code. The vulnerability impacts Linux, UNIX, Windows, and other operating systems.
Organizations running Vim should immediately audit their systems for versions below 9.2.0276, apply the available patch to upgrade to the latest version, and verify that mitigation measures are in place. While the advisory indicates mitigation is available, no specific compliance deadline is stated. Failure to patch could expose systems to code execution attacks.
What to do next
- Audit systems for Vim installations below version 9.2.0276
- Apply available patch to upgrade Vim to version 9.2.0276 or later
- Verify mitigation controls are in place for vulnerable Vim instances
Source document (simplified)
[WID-SEC-2026-0940] vim: Schwachstelle ermöglicht Codeausführung CVSS Base Score 8.2 (hoch) CVSS Temporal Score 7.1 (hoch) Remoteangriff nein Datum 31.03.2026 Stand 01.04.2026 Mitigation ja
Betroffene Systeme
Betriebssystem
- Linux
- Sonstiges
- UNIX
- Windows
Produktbeschreibung
Vim (Vi IMproved) ist eine Weiterentwicklung des Texteditors vi.
Produkte
31.03.2026
- Open Source vim <9.2.0276
Angriff
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in vim ausnutzen, um beliebigen Programmcode auszuführen. CVE Informationen Versionshistorie Feedback zum Advisory geben
Named provisions
Related changes
Source
Classification
Who this affects
Taxonomy
Browse Categories
Get Data Privacy & Cybersecurity alerts
Weekly digest. AI-summarized, no noise.
Free. Unsubscribe anytime.
Get alerts for this source
We'll email you when CERT-Bund Security Advisories publishes new changes.