{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2026-34714", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-03-30T18:27:55.398Z", "datePublished": "2026-03-30T18:27:55.752Z", "dateUpdated": "2026-04-03T11:15:39.723Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Vim", "vendor": "Vim", "versions": [{"lessThan": "9.2.0272", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 9.2, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-30T18:40:41.801Z"}, "references": [{"url": "https://www.openwall.com/lists/oss-security/2026/03/30/3"}, {"url": "https://github.com/vim/vim/security/advisories/GHSA-2gmj-rpqf-pxvh"}, {"url": "https://github.com/vim/vim/commit/664701eb7576edb7c7c7d9f2d600815ec1f43459"}, {"url": "https://github.com/vim/vim/releases/tag/v9.2.0272"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*", "versionEndExcluding": "9.2.0272"}]}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T03:55:42.420298Z", "id": "CVE-2026-34714", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T13:50:15.296Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/04/02/4"}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/02/5"}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/03/6"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-03T11:15:39.723Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/04/02/4"}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/02/5"}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/03/6"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-03T11:15:39.723Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34714", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-31T03:55:42.420298Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T18:53:39.611Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.2, "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Vim", "product": "Vim", "versions": [{"status": "affected", "version": "0", "lessThan": "9.2.0272", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.openwall.com/lists/oss-security/2026/03/30/3"}, {"url": "https://github.com/vim/vim/security/advisories/GHSA-2gmj-rpqf-pxvh"}, {"url": "https://github.com/vim/vim/commit/664701eb7576edb7c7c7d9f2d600815ec1f43459"}, {"url": "https://github.com/vim/vim/releases/tag/v9.2.0272"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "descriptions": [{"lang": "en", "value": "Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "9.2.0272"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-30T18:40:41.801Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34714", "state": "PUBLISHED", "dateUpdated": "2026-04-03T11:15:39.723Z", "dateReserved": "2026-03-30T18:27:55.398Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-30T18:27:55.752Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*", "matchCriteriaId": "82217BEF-646B-4092-B88A-33A17080CF1B", "versionEndExcluding": "9.2.0272", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE."}, {"lang": "es", "value": "Vim anterior a la versi\u00f3n 9.2.0272 permite la ejecuci\u00f3n de c\u00f3digo que ocurre inmediatamente al abrir un archivo especialmente dise\u00f1ado en la configuraci\u00f3n predeterminada, porque se produce una inyecci\u00f3n de %{expr} con tabpanel que carece de P_MLE."}], "id": "CVE-2026-34714", "lastModified": "2026-04-03T12:16:18.500", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 9.2, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 6.0, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-30T19:16:26.853", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/vim/vim/commit/664701eb7576edb7c7c7d9f2d600815ec1f43459"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://github.com/vim/vim/releases/tag/v9.2.0272"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://github.com/vim/vim/security/advisories/GHSA-2gmj-rpqf-pxvh"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2026/03/30/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2026/04/02/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2026/04/02/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2026/04/03/6"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{"bugzilla": {"description": "vim: Vim: Arbitrary code execution via crafted file", "id": "2453139", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453139"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.6", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-917", "details": ["A flaw was found in Vim. This vulnerability allows an attacker to execute malicious code on a user's system. This occurs when a user opens a specially crafted file, leading to immediate code execution due to a vulnerability in how Vim handles expressions within its tabpanel feature."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-34714", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-03-30T18:27:55Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-34714\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-34714\nhttps://github.com/vim/vim/commit/664701eb7576edb7c7c7d9f2d600815ec1f43459\nhttps://github.com/vim/vim/releases/tag/v9.2.0272\nhttps://github.com/vim/vim/security/advisories/GHSA-2gmj-rpqf-pxvh\nhttps://www.openwall.com/lists/oss-security/2026/03/30/3"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,9.2.0272)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Vim", "source": "cna", "vendor": "Vim"}, "product": "vim", "vendor": "vim"}], "analysis": {"en": {"generated_at": "2026-03-31T06:52:03.336373+00:00", "value": {"mitigation_remediation": ["Update Vim to version 9.2.0272 or later."], "summary": {"action": "Patch Immediately", "impact": "Arbitrary code execution"}, "threat_synthesis": {"affected_systems": "Affected systems include all installations of the Vim editor built for Linux, macOS, and Windows prior to version 9.2.0272. The vulnerability applies to the default configuration; no special build flags are required. Users running any of these versions and opening files from untrusted sources are at risk.", "description_and_impact": "Vim versions older than 9.2.0272 can execute arbitrary code as soon as an attacker opens a specially crafted file. The flaw arises from an unescaped %{expr} injection in the tabpanel configuration when the P_MLE flag is absent, allowing shell commands to be evaluated in the user\u2019s environment. If exploited, the attacker achieves full code execution under the current user\u2019s privileges, compromising the session and potentially the underlying system.", "risk_and_exploitability": "The CVSS score of 9.2 categorizes this vulnerability as critical. An EPSS score is not available, and the issue is not listed in the CISA KEV catalog. Exploitation is local: the victim must open the crafted file; no network or privilege escalation mechanism is required beyond that. Because the injected command runs with the current process\u2019s privileges, a local attacker can gain full control of the system once the file is opened, making it a high\u2011risk threat for unpatched users."}}}}, "created": "2026-03-31T20:00:11.744603+00:00", "updated": "2026-03-31T20:40:29.593984+00:00", "vendors": ["vim", "vim$PRODUCT$vim"]}