
Vim Vulnerability Allows Code Execution (CVSS 6.6)

Source: CERT-Bund Security Advisories (wid.cert-bund.de)
Published February 5th, 2026
Detected March 13th, 2026

Summary

The German Federal Office for Information Security (BSI) has issued a security advisory for a vulnerability in the Vim text editor. The vulnerability, rated CVSS 6.6 (medium), allows a local attacker to execute arbitrary code. Mitigation is available.

What changed

A medium-severity vulnerability (CVSS 6.6) has been identified in the Vim text editor, affecting versions prior to 9.1.2132. It allows a local attacker to cause memory corruption, execute arbitrary code, or trigger a denial-of-service condition. The advisory notes that mitigation measures are available.

Organizations using Vim on Linux-based systems (including Oracle Linux, Red Hat Enterprise Linux, Fedora Linux, and Rocky Linux) and on Windows are advised to review the advisory and apply the available mitigations or updates. This is a vulnerability notice, not a regulatory mandate, but an unpatched code-execution flaw on a multi-user or shared system can lead to data breaches and operational disruption, with the associated incident-response and recovery costs.

What to do next

  1. Review security advisory WID-SEC-2026-0335 for Vim vulnerability.
  2. Assess impact on systems running affected Vim versions.
  3. Implement available mitigations or update Vim to a patched version.
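Step 2 (assessing which systems run an affected version) is easier to automate if the check understands how Vim reports its version: the major.minor number sits on the first line of `vim --version` and the patch level on the "Included patches:" line, so "9.1" with patch 2132 is version 9.1.2132. The following POSIX shell script is an added example written for this page; it is not part of the CERT-Bund advisory or of the Vim project. It embeds a constructed sample of `vim --version` output and, when a `vim` binary is present, also checks the live one against the 9.1.2132 threshold named in the advisory.

```shell
#!/bin/sh
# Added example: classify `vim --version` output against the fixed release
# 9.1.2132 from WID-SEC-2026-0335. Not code from the advisory or from Vim.

FIXED_MAJOR=9
FIXED_MINOR=1
FIXED_PATCH=2132

# vim_check: reads `vim --version` text on stdin, prints "<major>.<minor>.<patch> FIXED"
# or "... VULNERABLE", and returns 0 (fixed), 1 (vulnerable) or 2 (unparsable).
vim_check() {
    input=$(cat)

    # First line looks like: "VIM - Vi IMproved 9.1 (2024 Jan 02, compiled ...)"
    majmin=$(printf '%s\n' "$input" \
        | sed -n 's/^VIM - Vi IMproved \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' \
        | head -n 1)
    if [ -z "$majmin" ]; then
        echo "unparsable: no 'VIM - Vi IMproved X.Y' line found" >&2
        return 2
    fi
    major=${majmin% *}
    minor=${majmin#* }

    # Patch line looks like "Included patches: 1-2131" or "1-100, 102-2131";
    # the highest included patch is the last number on that line. No line
    # means an unpatched X.Y release, i.e. patch level 0.
    patch=$(printf '%s\n' "$input" \
        | sed -n 's/^Included patches:.*[-, ]\([0-9][0-9]*\)[[:space:]]*$/\1/p' \
        | head -n 1)
    [ -z "$patch" ] && patch=0

    if [ "$major" -gt "$FIXED_MAJOR" ] \
       || { [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -gt "$FIXED_MINOR" ]; } \
       || { [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -eq "$FIXED_MINOR" ] \
            && [ "$patch" -ge "$FIXED_PATCH" ]; }; then
        echo "$major.$minor.$patch FIXED"
        return 0
    fi
    echo "$major.$minor.$patch VULNERABLE"
    return 1
}

# Constructed sample output (not captured from a real host): 9.1 at patch 2131,
# one patch short of the fixed release.
SAMPLE_OUTPUT='VIM - Vi IMproved 9.1 (2024 Jan 02, compiled Jan 02 2024 00:00:00)
Included patches: 1-2131'

echo "sample:"
if ! printf '%s\n' "$SAMPLE_OUTPUT" | vim_check; then
    echo "  action: update Vim to 9.1.2132 or later"
fi

# On a host that has vim installed, check the live binary as well.
if command -v vim >/dev/null 2>&1; then
    echo "this host:"
    if ! vim --version | vim_check; then
        echo "  action: update Vim to 9.1.2132 or later"
    fi
fi
```

The script compares the upstream version only. Enterprise distributions such as Red Hat Enterprise Linux, Oracle Linux and Rocky Linux often backport fixes without raising the patch level, so on those systems a VULNERABLE result should be confirmed against the vendor's errata for the installed package before scheduling an update.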

Source document (simplified)

[WID-SEC-2026-0335] vim: vulnerability allows code execution

  • CVSS Base Score: 6.6 (medium)
  • CVSS Temporal Score: 5.8 (medium)
  • Remote attack: no
  • Date: 05.02.2026
  • Status: UPDATE 13.03.2026
  • Mitigation: yes

Affected systems

Operating system

  • Other
  • UNIX
  • Windows

Product description

Vim (Vi IMproved) is a further development of the text editor vi.

Products

  • Oracle Linux UPDATE 12.03.2026
  • RESF Rocky Linux UPDATE 11.03.2026
  • Red Hat Enterprise Linux UPDATE 15.02.2026
  • Fedora Linux 05.02.2026
  • Open Source vim <9.1.2132

Attack

A local attacker can exploit a vulnerability in vim to cause memory corruption, execute arbitrary code, or bring about a denial-of-service condition.

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency: Various
Published: February 5th, 2026
Instrument: Notice
Legal weight: Non-binding
Stage: Final
Change scope: Substantive

Who this affects

Applies to: Technology companies
Geographic scope: INT

Taxonomy

Primary area: Cybersecurity
Operational domain: IT Security
Topics: Software Vulnerabilities, Information Security
