CRITICALCVE-2026-34714Published Modified CNA mitre
CVE-2026-34714: Vim before 9
Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.
Metrics
- CVSS v3.1
- 9.2
- Severity
- CRITICAL
- Fixed in
- 9.2.0272
- Affected Products
- 1
Fix available
9.2.0272
Affected packages
- Vim / Vim< 9.2.0272 (from 0)
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L