CVE-2026-52858: Vim: Arbitrary Code Execution via Python Omni-Completion
Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled (and the legacy pythoncomplete.vim for builds with the +python interpreter) executes the import and from statements found in the current buffer through Python's import machinery. Because the buffer's working directory is on sys.path, opening a hostile .py file with a sibling Python package and invoking omni-completion runs that package's top-level code as the editing user. This issue has been patched in version 9.2.0561.
Metrics
- CVSS v4.0: 7.3
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
This is an arbitrary code execution vulnerability in Vim's Python omni-completion feature. An attacker who can place a malicious Python package alongside a file the victim opens in Vim gets that package's top-level code executed when the victim triggers omni-completion; the victim must both open the hostile file and invoke the feature. Successful exploitation gives the attacker full code execution as the user running Vim. No fix version has been published yet; HarborGuard is tracking the advisory for patch availability.
HarborGuard Coverage
- Detection: Available
Detection is available across every HarborGuard environment - the CVE is matched against customer images within minutes of ingestion from upstream feeds, covering both official Vim packages and custom-built images that bundle Vim or its runtime files. Any image containing an affected vim build (pre-9.2.0561 with +python3 or +python enabled) will be flagged automatically.
- Triage: Available
Triage is available using the CVSS v4.0 score of 7.3 (HIGH), weighted further by each customer environment's compliance policy to determine priority and routing. Findings are delivered to the appropriate team inbox within each customer organization based on configured ownership rules.
- Remediation: Pending upstream
Because no upstream fix has been published, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment version 9.2.0561 or a later fix is released upstream. For customers with auto-remediation enabled, the rebuild, regression run, and PR against affected workloads will be initiated automatically at that point.
Exploit Conditions
- Network reachability: Required
The attacker must be able to deliver a hostile .py file and sibling package to the victim over the network, or host them in a reachable location the victim pulls from.
- Authentication: Required
A low-privilege account or equivalent access is sufficient - the attacker needs only the ability to place files where the victim will open them, not administrative credentials.
- Victim interaction: Required
The victim must open the attacker-supplied .py file in Vim and manually trigger Python omni-completion, making this a social-engineering-dependent attack path.
- Attack complexity
Exploitation requires the specific precondition that a malicious sibling Python package is present in the opened buffer's directory, which Vim places on sys.path, introducing environmental dependencies beyond the attacker's direct control.
Blast Radius
- The attacker executes arbitrary code as the user running Vim, gaining access to all files, secrets, and credentials readable by that user.
- Environment variables available to the Vim process, including tokens, API keys, and shell configuration, are exposed to the attacker's injected code.
- The attacker can write or overwrite files owned by the victim user, including shell configuration files, SSH authorized_keys, or source code in the working directory.
- The affected host's network access is available to the injected code, enabling outbound connections for data exfiltration or further lateral movement.
How HarborGuard Handles This
Available on HarborGuard: detection for this CVE is active and matches against all customer images containing Vim builds with +python3 or +python support compiled in, including custom base images. Because no upstream fix exists at this time, HarborGuard monitors the advisory on every ingest cycle and will make a patched-image rebuild available immediately when the upstream project ships a fix. For customers with auto-remediation enabled, the rebuild and regression run will trigger automatically, and a PR will be opened against affected workloads without manual intervention. In the interim, compensating controls available to consider include network-policy isolation of developer workstations from untrusted file sources, egress filtering to limit outbound connections from editing environments, and disabling the +python3 and +python Vim features at build time in custom images where omni-completion is not required.
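As an added example (not HarborGuard's or Vim's own code), the two conditions the detection above keys on, a build older than 9.2 patch 561 and the +python3 or +python feature compiled in, can be checked directly from `vim --version` output inside an image. The sample outputs below are constructed and abridged; the script reads a real report when called as `vim_affected "$(vim --version)"`.

```shell
#!/bin/sh
# Added example, not HarborGuard's or Vim's own code: classify a `vim --version`
# report as affected by CVE-2026-52858 (build older than 9.2 patch 561 with the
# +python3 or +python feature compiled in). Exit status: 0 affected, 1 not, 2 unknown.

# Constructed, abridged sample outputs standing in for real `vim --version` text.
SAMPLE_VULNERABLE='VIM - Vi IMproved 9.2 (2026 Mar 01, compiled Mar 10 2026 10:00:00)
Included patches: 1-420
Huge version without GUI.  Features included (+) or not (-):
+acl               +clipboard         -python            +python3
+cmdline_hist      +terminal          +timers            +vartabs'
SAMPLE_PATCHED='VIM - Vi IMproved 9.2 (2026 Mar 01, compiled Apr 02 2026 09:30:00)
Included patches: 1-561
Huge version without GUI.  Features included (+) or not (-):
+acl               +clipboard         -python            +python3'

vim_affected() {
    out=$1
    # Major.minor come from the banner line "VIM - Vi IMproved 9.2 (...)".
    ver=$(printf '%s\n' "$out" | sed -n 's/^VIM - Vi IMproved \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' | head -n 1)
    [ -n "$ver" ] || { echo "unknown: no version banner"; return 2; }
    major=${ver%% *}
    minor=${ver##* }
    # Highest patch number from "Included patches: 1-420" (comma-separated ranges possible).
    patch=$(printf '%s\n' "$out" | sed -n 's/^Included patches: //p' | tr ',' '\n' \
        | sed 's/.*-//; s/[[:space:]]//g' | sort -n | tail -n 1)
    [ -n "$patch" ] || patch=0
    # A feature is compiled in only when listed with a leading '+' ("+python3", "+python3/dyn");
    # "-python3" means absent, so anchor on whitespace to avoid substring matches.
    if printf '%s\n' "$out" | grep -Eq '(^|[[:space:]])\+python3?(/dyn)?([[:space:]]|$)'; then
        pyfeat=1
    else
        pyfeat=0
    fi
    # Fixed at 9.2.0561: anything below that version/patch is in the affected range.
    if [ "$major" -lt 9 ] || { [ "$major" -eq 9 ] && [ "$minor" -lt 2 ]; } \
        || { [ "$major" -eq 9 ] && [ "$minor" -eq 2 ] && [ "$patch" -lt 561 ]; }; then
        old=1
    else
        old=0
    fi
    if [ "$old" -eq 1 ] && [ "$pyfeat" -eq 1 ]; then
        echo "affected: vim $major.$minor.$patch with Python support"
        return 0
    fi
    echo "not affected: vim $major.$minor.$patch (python feature compiled in: $pyfeat)"
    return 1
}

# Run against an installed Vim with: vim_affected "$(vim --version)"
vim_affected "$SAMPLE_VULNERABLE" || :
vim_affected "$SAMPLE_PATCHED" || :
```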
Affected Products
- vim / vim < 9.2.0561
CVSS v4.0 vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N