{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35177", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-01T17:26:21.133Z", "datePublished": "2026-04-06T17:54:42.779Z", "dateUpdated": "2026-04-07T14:05:50.387Z"}, "containers": {"cna": {"title": "Path traversal issue with zip.vim in Vim", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/vim/vim/security/advisories/GHSA-jc86-w7vm-8p24", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/vim/vim/security/advisories/GHSA-jc86-w7vm-8p24"}], "affected": [{"vendor": "vim", "product": "vim", "versions": [{"version": "< 9.2.0280", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-06T17:54:42.779Z"}, "descriptions": [{"lang": "en", "value": "Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280."}], "source": {"advisory": "GHSA-jc86-w7vm-8p24", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T14:05:42.794063Z", "id": "CVE-2026-35177", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T14:05:50.387Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35177", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-01T17:26:21.133Z", "datePublished": "2026-04-06T17:54:42.779Z", "dateUpdated": "2026-04-07T14:05:50.387Z"}, "containers": {"cna": {"title": "Path traversal issue with zip.vim in Vim", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/vim/vim/security/advisories/GHSA-jc86-w7vm-8p24", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/vim/vim/security/advisories/GHSA-jc86-w7vm-8p24"}], "affected": [{"vendor": "vim", "product": "vim", "versions": [{"version": "< 9.2.0280", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-06T17:54:42.779Z"}, "descriptions": [{"lang": "en", "value": "Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280."}], "source": {"advisory": "GHSA-jc86-w7vm-8p24", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-35177", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-07T14:05:42.794063Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T14:05:46.463Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3D55A56-DB97-4B25-B92D-3858619803A5", "versionEndExcluding": "9.2.0280", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280."}], "id": "CVE-2026-35177", "lastModified": "2026-04-20T18:28:03.593", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-06T18:16:44.003", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/vim/vim/security/advisories/GHSA-jc86-w7vm-8p24"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass", "id": "2455542", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455542"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "status": "draft"}, "cwe": "CWE-22", "details": ["A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or further system compromise."], "mitigation": {"lang": "en:us", "value": "Avoid opening untrusted zip archives with Vim. This operational control prevents the necessary user interaction required to trigger the path traversal vulnerability in the `zip.vim` plugin."}, "name": "CVE-2026-35177", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-04-06T17:54:42Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-35177\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-35177\nhttps://github.com/vim/vim/security/advisories/GHSA-jc86-w7vm-8p24"], "statement": "This Moderate impact flaw affects the `zip.vim` plugin in Vim, allowing a local attacker to overwrite arbitrary files. A user must be tricked into opening a specially crafted zip archive for exploitation, potentially compromising data integrity or the system.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,9.2.0280)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "vim", "source": "cna", "vendor": "vim"}, "product": "vim", "vendor": "vim"}], "analysis": {"en": {"generated_at": "2026-04-07T01:43:14.255916+00:00", "value": {"mitigation_remediation": ["Upgrade Vim to version 9.2.0280 or later"], "summary": {"action": "Upgrade", "impact": "File overwrite via path traversal"}, "threat_synthesis": {"affected_systems": "All installations of Vim using the zip.vim plugin with versions earlier than 9.2.0280 are affected. Updating to version 9.2.0280 or later removes the vulnerability for all vendors listed.", "description_and_impact": "A path traversal bypass in Vim's zip.vim plugin allows an attacker to overwrite arbitrary files when opening specially crafted zip archives. The flaw bypasses a previous fix for a related vulnerability and could enable modification of critical configuration or executable files, potentially leading to system compromise. This weakness is categorized as CWE-22, indicating unsafe handling of file paths.", "risk_and_exploitability": "The CVSS score of 4.1 indicates medium severity. No EPSS score is available, and the issue is not listed in CISA's KEV catalog. The likely attack vector is local: an adversary supplies a crafted zip file and forces the target to open it with Vim, triggering path traversal and file overwrite. Remote exploitation is not indicated by the description, so exploitation requires local access or the ability to influence the target\u2019s file operations."}}}}, "created": "2026-04-07T06:54:48.115209+00:00", "updated": "2026-04-07T09:37:53.094615+00:00", "vendors": ["vim", "vim$PRODUCT$vim"]}