Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-59856 (GCVE-0-2026-59856)
Vulnerability from cvelistv5 – Published: 2026-07-09 22:39 – Updated: 2026-07-14 03:55- CWE-94 - Improper Control of Generation of Code ('Code Injection')
| URL | Tags |
|---|---|
| https://github.com/vim/vim/security/advisories/GH… | x_refsource_CONFIRM |
| https://github.com/vim/vim/commit/43afc581a37a357… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-59856",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T03:55:39.477Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003c 9.2.0736"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search() pattern that is run via win_execute() without escaping. A name containing a single quote can terminate the search() string argument early, and because the bar is honored as an Ex command separator, the remainder of the name is run as Ex commands; via the :! command this allows arbitrary operating-system command execution when a victim opens a crafted PHP file and invokes omni-completion. This issue is fixed in version 9.2.0736."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T22:39:01.803Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-fh26-8f79-wj97",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-fh26-8f79-wj97"
},
{
"name": "https://github.com/vim/vim/commit/43afc581a37a35762dd0ef292f038b9dc5680a24",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/43afc581a37a35762dd0ef292f038b9dc5680a24"
}
],
"source": {
"advisory": "GHSA-fh26-8f79-wj97",
"discovery": "UNKNOWN"
},
"title": "Vim: Arbitrary Code Execution via PHP Omni-Completion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-59856",
"datePublished": "2026-07-09T22:39:01.803Z",
"dateReserved": "2026-07-07T15:41:53.606Z",
"dateUpdated": "2026-07-14T03:55:39.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-59856",
"date": "2026-07-15",
"epss": "0.00169",
"percentile": "0.06507"
},
"microsoft_vex": {
"current_release_date": "2026-07-11T01:01:16.000Z",
"cve": "CVE-2026-59856",
"id": "msrc_CVE-2026-59856",
"initial_release_date": "2026-07-02T00:00:00.000Z",
"product_status:known_affected": "1",
"source": "Microsoft CSAF VEX",
"status": "final",
"title": "Vim: Arbitrary Code Execution via PHP Omni-Completion",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-59856.json",
"version": "1"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-59856\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-07-09T23:17:06.420\",\"lastModified\":\"2026-07-14T05:16:19.477\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search() pattern that is run via win_execute() without escaping. A name containing a single quote can terminate the search() string argument early, and because the bar is honored as an Ex command separator, the remainder of the name is run as Ex commands; via the :! command this allows arbitrary operating-system command execution when a victim opens a crafted PHP file and invokes omni-completion. This issue is fixed in version 9.2.0736.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"vim\",\"product\":\"vim\",\"versions\":[{\"version\":\"\u003c 9.2.0736\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"ACTIVE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-07-13T00:00:00+00:00\",\"id\":\"CVE-2026-59856\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.2.0736\",\"matchCriteriaId\":\"5D978571-6FF6-4BCA-978F-9701F6A5E6A5\"}]}]}],\"references\":[{\"url\":\"https://github.com/vim/vim/commit/43afc581a37a35762dd0ef292f038b9dc5680a24\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/vim/vim/security/advisories/GHSA-fh26-8f79-wj97\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]}]}}",
"redhat_vex": {
"aggregate_severity": "Moderate",
"current_release_date": "2026-07-14T11:35:29+00:00",
"cve": "CVE-2026-59856",
"id": "CVE-2026-59856",
"initial_release_date": "2026-07-09T22:39:01.803000+00:00",
"product_status:fixed": "4",
"product_status:known_affected": "33",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "vim: Vim: Arbitrary code execution via crafted PHP file in omni-completion",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-59856.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-59856\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-07-10T14:44:45.848798Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-07-10T14:44:50.900Z\"}}], \"cna\": {\"title\": \"Vim: Arbitrary Code Execution via PHP Omni-Completion\", \"source\": {\"advisory\": \"GHSA-fh26-8f79-wj97\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"userInteraction\": \"ACTIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"vim\", \"product\": \"vim\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 9.2.0736\"}]}], \"references\": [{\"url\": \"https://github.com/vim/vim/security/advisories/GHSA-fh26-8f79-wj97\", \"name\": \"https://github.com/vim/vim/security/advisories/GHSA-fh26-8f79-wj97\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/vim/vim/commit/43afc581a37a35762dd0ef292f038b9dc5680a24\", \"name\": \"https://github.com/vim/vim/commit/43afc581a37a35762dd0ef292f038b9dc5680a24\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search() pattern that is run via win_execute() without escaping. A name containing a single quote can terminate the search() string argument early, and because the bar is honored as an Ex command separator, the remainder of the name is run as Ex commands; via the :! command this allows arbitrary operating-system command execution when a victim opens a crafted PHP file and invokes omni-completion. This issue is fixed in version 9.2.0736.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-07-09T22:39:01.803Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-59856\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-14T03:55:39.477Z\", \"dateReserved\": \"2026-07-07T15:41:53.606Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-07-09T22:39:01.803Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2026-AVI-0873
Vulnerability from certfr_avis - Published: 2026-07-15 - Updated: 2026-07-15
De multiples vulnérabilités ont été découvertes dans Microsoft Azure Linux. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Azure Linux | azl3 libXfont2 2.0.6-1 versions antérieures à 2.0.8-1 | ||
| Microsoft | Azure Linux | azl3 telegraf 1.31.0-23 versions antérieures à 1.31.0-25 | ||
| Microsoft | Azure Linux | azl3 clamav 1.5.2-3 versions antérieures à 1.5.3-1 | ||
| Microsoft | Azure Linux | azl3 glib 2.78.6-9 versions antérieures à 2.78.6-10 | ||
| Microsoft | Azure Linux | azl3 mtr 0.95-3 versions antérieures à 0.95-4 | ||
| Microsoft | Azure Linux | azl3 xorg-x11-server-Xwayland 24.1.12-1 versions antérieures à 24.1.13-1 | ||
| Microsoft | Azure Linux | azl3 python-msgpack 1.0.5-2 versions antérieures à 1.0.5-3 | ||
| Microsoft | Azure Linux | azl3 curl 8.11.1-9 versions antérieures à 8.11.1-10 | ||
| Microsoft | Azure Linux | azl3 erlang 26.2.5.21-2 versions antérieures à 26.2.5.21-3 | ||
| Microsoft | Azure Linux | azl3 openssh 9.8p1-8 versions antérieures à 9.8p1-9 | ||
| Microsoft | Azure Linux | azl3 python-setuptools 69.0.3-5 versions antérieures à 69.0.3-6 | ||
| Microsoft | Azure Linux | azl3 nodejs 24.17.0-1 versions antérieures à 24.17.0-2 | ||
| Microsoft | Azure Linux | azl3 vim 9.2.0735-1 versions antérieures à 9.2.0782-1 | ||
| Microsoft | Azure Linux | azl3 keras 3.3.3-7 versions antérieures à 3.3.3-8 | ||
| Microsoft | Azure Linux | azl3 perl-DBI 1.643-5 versions antérieures à 1.650-1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "azl3 libXfont2 2.0.6-1 versions ant\u00e9rieures \u00e0 2.0.8-1",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 telegraf 1.31.0-23 versions ant\u00e9rieures \u00e0 1.31.0-25",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 clamav 1.5.2-3 versions ant\u00e9rieures \u00e0 1.5.3-1",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 glib 2.78.6-9 versions ant\u00e9rieures \u00e0 2.78.6-10",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 mtr 0.95-3 versions ant\u00e9rieures \u00e0 0.95-4",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 xorg-x11-server-Xwayland 24.1.12-1 versions ant\u00e9rieures \u00e0 24.1.13-1",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 python-msgpack 1.0.5-2 versions ant\u00e9rieures \u00e0 1.0.5-3",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 curl 8.11.1-9 versions ant\u00e9rieures \u00e0 8.11.1-10",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 erlang 26.2.5.21-2 versions ant\u00e9rieures \u00e0 26.2.5.21-3",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 openssh 9.8p1-8 versions ant\u00e9rieures \u00e0 9.8p1-9",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 python-setuptools 69.0.3-5 versions ant\u00e9rieures \u00e0 69.0.3-6",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 nodejs 24.17.0-1 versions ant\u00e9rieures \u00e0 24.17.0-2",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 vim 9.2.0735-1 versions ant\u00e9rieures \u00e0 9.2.0782-1",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 keras 3.3.3-7 versions ant\u00e9rieures \u00e0 3.3.3-8",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 perl-DBI 1.643-5 versions ant\u00e9rieures \u00e0 1.650-1",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-14380",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-14380"
},
{
"name": "CVE-2026-14461",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-14461"
},
{
"name": "CVE-2026-59996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-59996"
},
{
"name": "CVE-2026-59995",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-59995"
},
{
"name": "CVE-2026-59999",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-59999"
},
{
"name": "CVE-2026-20216",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20216"
},
{
"name": "CVE-2026-58013",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-58013"
},
{
"name": "CVE-2026-8926",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8926"
},
{
"name": "CVE-2026-20243",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20243"
},
{
"name": "CVE-2026-8458",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8458"
},
{
"name": "CVE-2026-14739",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-14739"
},
{
"name": "CVE-2026-58015",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-58015"
},
{
"name": "CVE-2026-56000",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-56000"
},
{
"name": "CVE-2026-58014",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-58014"
},
{
"name": "CVE-2026-20215",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20215"
},
{
"name": "CVE-2026-58012",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-58012"
},
{
"name": "CVE-2026-59890",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-59890"
},
{
"name": "CVE-2026-10536",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-10536"
},
{
"name": "CVE-2026-20213",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20213"
},
{
"name": "CVE-2026-8932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8932"
},
{
"name": "CVE-2026-11525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11525"
},
{
"name": "CVE-2026-59997",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-59997"
},
{
"name": "CVE-2026-58010",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-58010"
},
{
"name": "CVE-2026-12064",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-12064"
},
{
"name": "CVE-2026-12480",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-12480"
},
{
"name": "CVE-2026-20214",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20214"
},
{
"name": "CVE-2026-60002",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-60002"
},
{
"name": "CVE-2026-9079",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9079"
},
{
"name": "CVE-2026-56003",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-56003"
},
{
"name": "CVE-2026-59856",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-59856"
},
{
"name": "CVE-2026-20217",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20217"
},
{
"name": "CVE-2026-58011",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-58011"
},
{
"name": "CVE-2026-58016",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-58016"
},
{
"name": "CVE-2026-60001",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-60001"
},
{
"name": "CVE-2026-14740",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-14740"
},
{
"name": "CVE-2026-20244",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20244"
},
{
"name": "CVE-2026-57585",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-57585"
},
{
"name": "CVE-2026-8927",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8927"
},
{
"name": "CVE-2026-60000",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-60000"
},
{
"name": "CVE-2026-54908",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-54908"
},
{
"name": "CVE-2026-56002",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-56002"
},
{
"name": "CVE-2026-54886",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-54886"
},
{
"name": "CVE-2026-56001",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-56001"
},
{
"name": "CVE-2026-8286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8286"
}
],
"initial_release_date": "2026-07-15T00:00:00",
"last_revision_date": "2026-07-15T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0873",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-07-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Azure Linux. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure Linux",
"vendor_advisories": [
{
"published_at": "2026-07-01",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-58013",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58013"
},
{
"published_at": "2026-07-04",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-9079",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-9079"
},
{
"published_at": "2026-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-56001",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56001"
},
{
"published_at": "2026-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-20243",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20243"
},
{
"published_at": "2026-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-60001",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-60001"
},
{
"published_at": "2026-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-20214",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20214"
},
{
"published_at": "2026-07-04",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-8927",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8927"
},
{
"published_at": "2026-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-20216",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20216"
},
{
"published_at": "2026-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-54908",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54908"
},
{
"published_at": "2026-07-01",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-58011",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58011"
},
{
"published_at": "2026-07-01",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-58012",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58012"
},
{
"published_at": "2026-07-04",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-8926",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8926"
},
{
"published_at": "2026-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-59997",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-59997"
},
{
"published_at": "2026-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-56002",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56002"
},
{
"published_at": "2026-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-60002",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-60002"
},
{
"published_at": "2026-07-04",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-8932",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8932"
},
{
"published_at": "2026-07-03",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-57585",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57585"
},
{
"published_at": "2026-07-04",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-12064",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12064"
},
{
"published_at": "2026-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-20215",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20215"
},
{
"published_at": "2026-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-56000",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56000"
},
{
"published_at": "2026-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-56003",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56003"
},
{
"published_at": "2026-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-14380",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-14380"
},
{
"published_at": "2026-07-01",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-58014",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58014"
},
{
"published_at": "2026-07-04",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-8286",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8286"
},
{
"published_at": "2026-07-01",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-58015",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58015"
},
{
"published_at": "2026-07-04",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-8458",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8458"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-11525",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11525"
},
{
"published_at": "2026-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-59996",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-59996"
},
{
"published_at": "2026-07-04",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-10536",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-10536"
},
{
"published_at": "2026-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-20213",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20213"
},
{
"published_at": "2026-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-59999",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-59999"
},
{
"published_at": "2026-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-59995",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-59995"
},
{
"published_at": "2026-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-20244",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20244"
},
{
"published_at": "2026-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-14740",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-14740"
},
{
"published_at": "2026-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-14461",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-14461"
},
{
"published_at": "2026-07-01",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-58016",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58016"
},
{
"published_at": "2026-07-07",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-12480",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12480"
},
{
"published_at": "2026-07-01",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-58010",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58010"
},
{
"published_at": "2026-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-59856",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-59856"
},
{
"published_at": "2026-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-60000",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-60000"
},
{
"published_at": "2026-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-14739",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-14739"
},
{
"published_at": "2026-07-07",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-54886",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54886"
},
{
"published_at": "2026-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-59890",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-59890"
},
{
"published_at": "2026-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-20217",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20217"
}
]
}
FKIE_CVE-2026-59856
Vulnerability from fkie_nvd - Published: 2026-07-09 23:17 - Updated: 2026-07-14 05:16{
"affected": [
{
"affectedData": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003c 9.2.0736"
}
]
}
],
"source": "security-advisories@github.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D978571-6FF6-4BCA-978F-9701F6A5E6A5",
"versionEndExcluding": "9.2.0736",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search() pattern that is run via win_execute() without escaping. A name containing a single quote can terminate the search() string argument early, and because the bar is honored as an Ex command separator, the remainder of the name is run as Ex commands; via the :! command this allows arbitrary operating-system command execution when a victim opens a crafted PHP file and invokes omni-completion. This issue is fixed in version 9.2.0736."
}
],
"id": "CVE-2026-59856",
"lastModified": "2026-07-14T05:16:19.477",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-59856",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-13T00:00:00+00:00",
"version": "2.0.3"
}
}
]
},
"published": "2026-07-09T23:17:06.420",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/vim/vim/commit/43afc581a37a35762dd0ef292f038b9dc5680a24"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-fh26-8f79-wj97"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
MSRC_CVE-2026-59856
Vulnerability from csaf_microsoft - Published: 2026-07-02 00:00 - Updated: 2026-07-12 14:55| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2026-59856 Vim: Arbitrary Code Execution via PHP Omni-Completion - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-59856.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Vim: Arbitrary Code Execution via PHP Omni-Completion",
"tracking": {
"current_release_date": "2026-07-12T14:55:22.000Z",
"generator": {
"date": "2026-07-13T08:50:21.988Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2026-59856",
"initial_release_date": "2026-07-02T00:00:00.000Z",
"revision_history": [
{
"date": "2026-07-11T01:01:16.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-07-12T14:55:22.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 vim 0:9.2.0735-1.azl3",
"product": {
"name": "\u003cazl3 vim 0:9.2.0735-1.azl3",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 vim 0:9.2.0735-1.azl3",
"product": {
"name": "azl3 vim 0:9.2.0735-1.azl3",
"product_id": "21574"
}
}
],
"category": "product_name",
"name": "vim"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 vim 0:9.2.0735-1.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 vim 0:9.2.0735-1.azl3 as a component of Azure Linux 3.0",
"product_id": "21574-17084"
},
"product_reference": "21574",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-59856",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"21574-17084"
],
"known_affected": [
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-59856 Vim: Arbitrary Code Execution via PHP Omni-Completion - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-59856.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-11T01:01:16.000Z",
"details": "0:9.2.0782-1.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"17084-1"
]
}
],
"title": "Vim: Arbitrary Code Execution via PHP Omni-Completion"
}
]
}
RHSA-2026:35387
Vulnerability from csaf_redhat - Published: 2026-07-03 09:43 - Updated: 2026-07-14 11:35A flaw was found in Vim, an open-source command-line text editor. A remote attacker could exploit this vulnerability by convincing a user to load a specially crafted spell file. This malicious file can trigger a stack out-of-bounds write, which corrupts the editor's memory and causes it to crash. This leads to a Denial of Service (DoS), making the editor unavailable to the user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:vim-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:vim-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:vim-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:vim-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
There is a security flaw in Vim. If you use Vim to open a malicious file written by a hacker, and you use the auto-complete feature while typing, the file can secretly force your computer to run unauthorized commands or malware.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:vim-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:vim-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:vim-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:vim-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Vim, an open-source command-line text editor. The PHP omni-completion script improperly handles specially crafted input. When a victim opens a malicious PHP file and invokes omni-completion, an unescaped class or trait name can be interpreted as Ex commands. This allows a remote attacker to achieve arbitrary operating-system command execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:vim-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:vim-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:vim-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:vim-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
An out-of-bounds write vulnerability in Vim's spell_soundfold_sal() function allows an attacker to corrupt memory and crash the editor (Denial of Service) by supplying a specially crafted word during spell sound-folding.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:vim-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:vim-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:vim-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:vim-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A command injection vulnerability in Vim's C omni-completion script allows an attacker to execute arbitrary commands if a user is tricked into opening a maliciously crafted tags file and manually invoking the autocomplete feature.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:vim-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:vim-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:vim-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:vim-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:35387 | self |
| https://images.redhat.com/ | external |
| https://access.redhat.com/security/cve/CVE-2026-57456 | external |
| https://access.redhat.com/security/updates/classi… | external |
| https://access.redhat.com/security/cve/CVE-2026-55892 | external |
| https://access.redhat.com/security/cve/CVE-2026-59856 | external |
| https://access.redhat.com/security/cve/CVE-2026-59858 | external |
| https://access.redhat.com/security/cve/CVE-2026-59857 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2026-55892 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2492975 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-55892 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-55892 | external |
| https://github.com/vim/vim/commit/8325b193bba5f01… | external |
| https://github.com/vim/vim/releases/tag/v9.2.0662 | external |
| https://github.com/vim/vim/security/advisories/GH… | external |
| https://access.redhat.com/security/cve/CVE-2026-57456 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2492972 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-57456 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-57456 | external |
| https://github.com/vim/vim/commit/cce141c42740f12… | external |
| https://github.com/vim/vim/releases/tag/v9.2.0699 | external |
| https://github.com/vim/vim/security/advisories/GH… | external |
| https://access.redhat.com/security/cve/CVE-2026-59856 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2498867 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-59856 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-59856 | external |
| https://github.com/vim/vim/commit/43afc581a37a357… | external |
| https://github.com/vim/vim/security/advisories/GH… | external |
| https://access.redhat.com/security/cve/CVE-2026-59857 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2498863 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-59857 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-59857 | external |
| https://github.com/vim/vim/commit/d22ff1c955ff87e… | external |
| https://github.com/vim/vim/security/advisories/GH… | external |
| https://access.redhat.com/security/cve/CVE-2026-59858 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2498868 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-59858 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-59858 | external |
| https://github.com/vim/vim/commit/6b611b0d15603c5… | external |
| https://github.com/vim/vim/security/advisories/GH… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\nvim:\n * vim-X11-9.2.780-1.hum1 (aarch64, x86_64)\n * vim-common-9.2.780-1.hum1 (aarch64, x86_64)\n * vim-data-9.2.780-1.hum1 (noarch)\n * vim-default-editor-9.2.780-1.hum1 (noarch)\n * vim-enhanced-9.2.780-1.hum1 (aarch64, x86_64)\n * vim-filesystem-9.2.780-1.hum1 (noarch)\n * vim-minimal-9.2.780-1.hum1 (aarch64, x86_64)\n * xxd-9.2.780-1.hum1 (aarch64, x86_64)\n * vim-9.2.780-1.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:35387",
"url": "https://access.redhat.com/errata/RHSA-2026:35387"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-57456",
"url": "https://access.redhat.com/security/cve/CVE-2026-57456"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-55892",
"url": "https://access.redhat.com/security/cve/CVE-2026-55892"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-59856",
"url": "https://access.redhat.com/security/cve/CVE-2026-59856"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-59858",
"url": "https://access.redhat.com/security/cve/CVE-2026-59858"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-59857",
"url": "https://access.redhat.com/security/cve/CVE-2026-59857"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_35387.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-07-14T11:35:28+00:00",
"generator": {
"date": "2026-07-14T11:35:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:35387",
"initial_release_date": "2026-07-03T09:43:18+00:00",
"revision_history": [
{
"date": "2026-07-03T09:43:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-10T18:19:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-14T11:35:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-main@src",
"product": {
"name": "vim-main@src",
"product_id": "vim-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim@9.2.780-1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-main@aarch64",
"product": {
"name": "vim-main@aarch64",
"product_id": "vim-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-X11@9.2.780-1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-main@x86_64",
"product": {
"name": "vim-main@x86_64",
"product_id": "vim-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-X11@9.2.780-1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-main@noarch",
"product": {
"name": "vim-main@noarch",
"product_id": "vim-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-data@9.2.780-1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:vim-main@aarch64"
},
"product_reference": "vim-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:vim-main@noarch"
},
"product_reference": "vim-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:vim-main@src"
},
"product_reference": "vim-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:vim-main@x86_64"
},
"product_reference": "vim-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-55892",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-06-25T16:01:52.997166+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2492975"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Vim, an open-source command-line text editor. A remote attacker could exploit this vulnerability by convincing a user to load a specially crafted spell file. This malicious file can trigger a stack out-of-bounds write, which corrupts the editor\u0027s memory and causes it to crash. This leads to a Denial of Service (DoS), making the editor unavailable to the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: Vim: Denial of Service via crafted spell file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in Vim\u0027s spell file handling. The dump_prefixes() function in src/spell.c does not validate the depth of the prefix trie against the size of fixed-size stack arrays, allowing a crafted .spl file to cause a stack out-of-bounds write and crash. Red Hat ships Vim in all RHEL versions and OpenShift CoreOS. Exploitation requires a user to load a malicious spell file and run :spelldump or spelling completion.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:vim-main@aarch64",
"Red Hat Hardened Images:vim-main@noarch",
"Red Hat Hardened Images:vim-main@src",
"Red Hat Hardened Images:vim-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-55892"
},
{
"category": "external",
"summary": "RHBZ#2492975",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492975"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-55892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-55892"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-55892",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55892"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/commit/8325b193bba5f01e7a7d8241f",
"url": "https://github.com/vim/vim/commit/8325b193bba5f01e7a7d8241f"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/releases/tag/v9.2.0662",
"url": "https://github.com/vim/vim/releases/tag/v9.2.0662"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-qm9w-fmpj-879h",
"url": "https://github.com/vim/vim/security/advisories/GHSA-qm9w-fmpj-879h"
}
],
"release_date": "2026-06-25T15:32:41.238000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-03T09:43:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:vim-main@aarch64",
"Red Hat Hardened Images:vim-main@noarch",
"Red Hat Hardened Images:vim-main@src",
"Red Hat Hardened Images:vim-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35387"
},
{
"category": "workaround",
"details": "Do not load untrusted spell files (.spl) from unknown sources. Avoid using :spelldump with spell files of unknown provenance.",
"product_ids": [
"Red Hat Hardened Images:vim-main@aarch64",
"Red Hat Hardened Images:vim-main@noarch",
"Red Hat Hardened Images:vim-main@src",
"Red Hat Hardened Images:vim-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:vim-main@aarch64",
"Red Hat Hardened Images:vim-main@noarch",
"Red Hat Hardened Images:vim-main@src",
"Red Hat Hardened Images:vim-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vim: Vim: Denial of Service via crafted spell file"
},
{
"cve": "CVE-2026-57456",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2026-06-25T16:01:37.648886+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2492972"
}
],
"notes": [
{
"category": "description",
"text": "There is a security flaw in Vim. If you use Vim to open a malicious file written by a hacker, and you use the auto-complete feature while typing, the file can secretly force your computer to run unauthorized commands or malware.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: Vim: Arbitrary code execution via malicious docstrings in Python omni-completion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is rated as Important. A vulnerability in Vim\u0027s Python omni-completion feature allows for arbitrary code execution. By opening a specially crafted file, a local attacker could execute arbitrary Python code due to improper handling of docstrings during omni-completion, leading to a compromise of the system where Vim is running.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:vim-main@aarch64",
"Red Hat Hardened Images:vim-main@noarch",
"Red Hat Hardened Images:vim-main@src",
"Red Hat Hardened Images:vim-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-57456"
},
{
"category": "external",
"summary": "RHBZ#2492972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-57456",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-57456"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-57456",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-57456"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/commit/cce141c42740f122dd8486ae04e21c2a81016ba8",
"url": "https://github.com/vim/vim/commit/cce141c42740f122dd8486ae04e21c2a81016ba8"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/releases/tag/v9.2.0699",
"url": "https://github.com/vim/vim/releases/tag/v9.2.0699"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-ppj8-wqjf-6fp3",
"url": "https://github.com/vim/vim/security/advisories/GHSA-ppj8-wqjf-6fp3"
}
],
"release_date": "2026-06-25T15:16:16.015000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-03T09:43:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:vim-main@aarch64",
"Red Hat Hardened Images:vim-main@noarch",
"Red Hat Hardened Images:vim-main@src",
"Red Hat Hardened Images:vim-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35387"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, users should avoid opening untrusted Python files or using Python omni-completion on such files. If Python omni-completion is not required, it can be disabled by adding `autocmd FileType python setlocal omnifunc=` to your `.vimrc` file. This will prevent the vulnerable code from being executed. Disabling Python omni-completion will remove the ability to use `Ctrl-X Ctrl-O` for Python code completion. A restart of Vim is required for the changes to take effect.",
"product_ids": [
"Red Hat Hardened Images:vim-main@aarch64",
"Red Hat Hardened Images:vim-main@noarch",
"Red Hat Hardened Images:vim-main@src",
"Red Hat Hardened Images:vim-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:vim-main@aarch64",
"Red Hat Hardened Images:vim-main@noarch",
"Red Hat Hardened Images:vim-main@src",
"Red Hat Hardened Images:vim-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vim: Vim: Arbitrary code execution via malicious docstrings in Python omni-completion"
},
{
"cve": "CVE-2026-59856",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2026-07-09T23:01:40.406872+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2498867"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Vim, an open-source command-line text editor. The PHP omni-completion script improperly handles specially crafted input. When a victim opens a malicious PHP file and invokes omni-completion, an unescaped class or trait name can be interpreted as Ex commands. This allows a remote attacker to achieve arbitrary operating-system command execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: Vim: Arbitrary code execution via crafted PHP file in omni-completion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this vulnerability as having a Moderate impact. While successful exploitation allows for arbitrary operating-system command execution when a user opens a crafted PHP file and triggers omni-completion, this feature is disabled by default in Red Hat products. The requirement for a non-default configuration, combined with mandatory user interaction, significantly reduces the real-world risk.\"",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:vim-main@aarch64",
"Red Hat Hardened Images:vim-main@noarch",
"Red Hat Hardened Images:vim-main@src",
"Red Hat Hardened Images:vim-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-59856"
},
{
"category": "external",
"summary": "RHBZ#2498867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2498867"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-59856",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-59856"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-59856",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-59856"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/commit/43afc581a37a35762dd0ef292f038b9dc5680a24",
"url": "https://github.com/vim/vim/commit/43afc581a37a35762dd0ef292f038b9dc5680a24"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-fh26-8f79-wj97",
"url": "https://github.com/vim/vim/security/advisories/GHSA-fh26-8f79-wj97"
}
],
"release_date": "2026-07-09T22:39:01.803000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-03T09:43:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:vim-main@aarch64",
"Red Hat Hardened Images:vim-main@noarch",
"Red Hat Hardened Images:vim-main@src",
"Red Hat Hardened Images:vim-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35387"
},
{
"category": "workaround",
"details": "Users should exercise caution when opening untrusted PHP files and avoid invoking omni-completion on them. To prevent exploitation, the PHP omni-completion script can be disabled by moving or renaming `phpcomplete.vim`. For example, execute `mv /usr/share/vim/vim*/autoload/phpcomplete.vim /usr/share/vim/vim*/autoload/phpcomplete.vim.bak`. This action will disable PHP omni-completion functionality. A restart of Vim is necessary for this change to take effect.",
"product_ids": [
"Red Hat Hardened Images:vim-main@aarch64",
"Red Hat Hardened Images:vim-main@noarch",
"Red Hat Hardened Images:vim-main@src",
"Red Hat Hardened Images:vim-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:vim-main@aarch64",
"Red Hat Hardened Images:vim-main@noarch",
"Red Hat Hardened Images:vim-main@src",
"Red Hat Hardened Images:vim-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vim: Vim: Arbitrary code execution via crafted PHP file in omni-completion"
},
{
"cve": "CVE-2026-59857",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-07-09T23:01:27.257331+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2498863"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds write vulnerability in Vim\u0027s spell_soundfold_sal() function allows an attacker to corrupt memory and crash the editor (Denial of Service) by supplying a specially crafted word during spell sound-folding.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: Vim: Denial of Service via out-of-bounds write in spell sound-folding",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate impact flaw in Vim\u0027s spell sound-folding feature can lead to a denial of service. A local attacker could provide a specially crafted word, causing an out-of-bounds write and crashing the editor. This vulnerability primarily affects interactive users of the Vim text editor.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:vim-main@aarch64",
"Red Hat Hardened Images:vim-main@noarch",
"Red Hat Hardened Images:vim-main@src",
"Red Hat Hardened Images:vim-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-59857"
},
{
"category": "external",
"summary": "RHBZ#2498863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2498863"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-59857",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-59857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-59857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-59857"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/commit/d22ff1c955ff87e8273210eae125aab0e85b6c30",
"url": "https://github.com/vim/vim/commit/d22ff1c955ff87e8273210eae125aab0e85b6c30"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-m3hf-xcm3-xhm2",
"url": "https://github.com/vim/vim/security/advisories/GHSA-m3hf-xcm3-xhm2"
}
],
"release_date": "2026-07-09T22:34:54.698000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-03T09:43:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:vim-main@aarch64",
"Red Hat Hardened Images:vim-main@noarch",
"Red Hat Hardened Images:vim-main@src",
"Red Hat Hardened Images:vim-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35387"
},
{
"category": "workaround",
"details": "This vulnerability can be mitigated by preventing Vim from automatically applying editor configurations embedded in files.\nAdd the following line to the global /etc/vimrc or local ~/.vimrc configuration file:\nset nomodeline",
"product_ids": [
"Red Hat Hardened Images:vim-main@aarch64",
"Red Hat Hardened Images:vim-main@noarch",
"Red Hat Hardened Images:vim-main@src",
"Red Hat Hardened Images:vim-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:vim-main@aarch64",
"Red Hat Hardened Images:vim-main@noarch",
"Red Hat Hardened Images:vim-main@src",
"Red Hat Hardened Images:vim-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vim: Vim: Denial of Service via out-of-bounds write in spell sound-folding"
},
{
"cve": "CVE-2026-59858",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2026-07-09T23:01:43.278752+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2498868"
}
],
"notes": [
{
"category": "description",
"text": "A command injection vulnerability in Vim\u0027s C omni-completion script allows an attacker to execute arbitrary commands if a user is tricked into opening a maliciously crafted tags file and manually invoking the autocomplete feature.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: Vim: Arbitrary command execution via crafted tags file in C omni-completion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate flaw in Vim\u0027s C omni-completion script allows for arbitrary command execution. Exploitation requires a user to open a specially crafted C source file along with a malicious project tags file and then invoke C omni-completion. This limits the attack vector as it relies on specific user interaction and the presence of a hostile tags file, making it less likely to be exploited without user awareness.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:vim-main@aarch64",
"Red Hat Hardened Images:vim-main@noarch",
"Red Hat Hardened Images:vim-main@src",
"Red Hat Hardened Images:vim-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-59858"
},
{
"category": "external",
"summary": "RHBZ#2498868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2498868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-59858",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-59858"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-59858",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-59858"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/commit/6b611b0d15603c52ebdad17172b0232b4f65704e",
"url": "https://github.com/vim/vim/commit/6b611b0d15603c52ebdad17172b0232b4f65704e"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-mf92-v4xw-j45x",
"url": "https://github.com/vim/vim/security/advisories/GHSA-mf92-v4xw-j45x"
}
],
"release_date": "2026-07-09T22:37:52.789000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-03T09:43:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:vim-main@aarch64",
"Red Hat Hardened Images:vim-main@noarch",
"Red Hat Hardened Images:vim-main@src",
"Red Hat Hardened Images:vim-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35387"
},
{
"category": "workaround",
"details": "Users are advised to avoid opening untrusted C source files or project tags files in Vim. Exercising caution and only processing trusted content prevents exploitation.",
"product_ids": [
"Red Hat Hardened Images:vim-main@aarch64",
"Red Hat Hardened Images:vim-main@noarch",
"Red Hat Hardened Images:vim-main@src",
"Red Hat Hardened Images:vim-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:vim-main@aarch64",
"Red Hat Hardened Images:vim-main@noarch",
"Red Hat Hardened Images:vim-main@src",
"Red Hat Hardened Images:vim-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vim: Vim: Arbitrary command execution via crafted tags file in C omni-completion"
}
]
}
ubuntu-cve-2026-59856
Vulnerability from osv_ubuntu
Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search() pattern that is run via win_execute() without escaping. A name containing a single quote can terminate the search() string argument early, and because the bar is honored as an Ex command separator, the remainder of the name is run as Ex commands; via the :! command this allows arbitrary operating-system command execution when a victim opens a crafted PHP file and invokes omni-completion. This issue is fixed in version 9.2.0736.
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "vim",
"binary_version": "2:8.2.3995-1ubuntu2.34"
},
{
"binary_name": "vim-athena",
"binary_version": "2:8.2.3995-1ubuntu2.34"
},
{
"binary_name": "vim-common",
"binary_version": "2:8.2.3995-1ubuntu2.34"
},
{
"binary_name": "vim-gtk",
"binary_version": "2:8.2.3995-1ubuntu2.34"
},
{
"binary_name": "vim-gtk3",
"binary_version": "2:8.2.3995-1ubuntu2.34"
},
{
"binary_name": "vim-gui-common",
"binary_version": "2:8.2.3995-1ubuntu2.34"
},
{
"binary_name": "vim-nox",
"binary_version": "2:8.2.3995-1ubuntu2.34"
},
{
"binary_name": "vim-runtime",
"binary_version": "2:8.2.3995-1ubuntu2.34"
},
{
"binary_name": "vim-tiny",
"binary_version": "2:8.2.3995-1ubuntu2.34"
},
{
"binary_name": "xxd",
"binary_version": "2:8.2.3995-1ubuntu2.34"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "vim",
"purl": "pkg:deb/ubuntu/vim@2:8.2.3995-1ubuntu2.34?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:8.2.3995-1ubuntu2.34"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2:8.2.2434-3ubuntu3",
"2:8.2.2434-3ubuntu4",
"2:8.2.3565-1ubuntu1",
"2:8.2.3565-1ubuntu2",
"2:8.2.3565-1ubuntu3",
"2:8.2.3565-1ubuntu5",
"2:8.2.3995-1ubuntu1",
"2:8.2.3995-1ubuntu2",
"2:8.2.3995-1ubuntu2.1",
"2:8.2.3995-1ubuntu2.3",
"2:8.2.3995-1ubuntu2.4",
"2:8.2.3995-1ubuntu2.5",
"2:8.2.3995-1ubuntu2.7",
"2:8.2.3995-1ubuntu2.8",
"2:8.2.3995-1ubuntu2.9",
"2:8.2.3995-1ubuntu2.10",
"2:8.2.3995-1ubuntu2.11",
"2:8.2.3995-1ubuntu2.12",
"2:8.2.3995-1ubuntu2.13",
"2:8.2.3995-1ubuntu2.15",
"2:8.2.3995-1ubuntu2.16",
"2:8.2.3995-1ubuntu2.17",
"2:8.2.3995-1ubuntu2.18",
"2:8.2.3995-1ubuntu2.19",
"2:8.2.3995-1ubuntu2.20",
"2:8.2.3995-1ubuntu2.21",
"2:8.2.3995-1ubuntu2.22",
"2:8.2.3995-1ubuntu2.23",
"2:8.2.3995-1ubuntu2.24",
"2:8.2.3995-1ubuntu2.26",
"2:8.2.3995-1ubuntu2.27",
"2:8.2.3995-1ubuntu2.28",
"2:8.2.3995-1ubuntu2.29",
"2:8.2.3995-1ubuntu2.30",
"2:8.2.3995-1ubuntu2.31",
"2:8.2.3995-1ubuntu2.32",
"2:8.2.3995-1ubuntu2.33"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "vim",
"binary_version": "2:9.1.0016-1ubuntu7.18"
},
{
"binary_name": "vim-athena",
"binary_version": "2:9.1.0016-1ubuntu7.18"
},
{
"binary_name": "vim-common",
"binary_version": "2:9.1.0016-1ubuntu7.18"
},
{
"binary_name": "vim-gtk3",
"binary_version": "2:9.1.0016-1ubuntu7.18"
},
{
"binary_name": "vim-gui-common",
"binary_version": "2:9.1.0016-1ubuntu7.18"
},
{
"binary_name": "vim-motif",
"binary_version": "2:9.1.0016-1ubuntu7.18"
},
{
"binary_name": "vim-nox",
"binary_version": "2:9.1.0016-1ubuntu7.18"
},
{
"binary_name": "vim-runtime",
"binary_version": "2:9.1.0016-1ubuntu7.18"
},
{
"binary_name": "vim-tiny",
"binary_version": "2:9.1.0016-1ubuntu7.18"
},
{
"binary_name": "xxd",
"binary_version": "2:9.1.0016-1ubuntu7.18"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "vim",
"purl": "pkg:deb/ubuntu/vim@2:9.1.0016-1ubuntu7.18?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:9.1.0016-1ubuntu7.18"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2:9.0.1672-1ubuntu2",
"2:9.0.2087-1ubuntu1",
"2:9.0.2116-1ubuntu1",
"2:9.0.2116-1ubuntu2",
"2:9.0.2184-0ubuntu1",
"2:9.0.2189-1ubuntu1",
"2:9.1.0-1ubuntu1",
"2:9.1.0016-1ubuntu2",
"2:9.1.0016-1ubuntu6",
"2:9.1.0016-1ubuntu7",
"2:9.1.0016-1ubuntu7.1",
"2:9.1.0016-1ubuntu7.2",
"2:9.1.0016-1ubuntu7.3",
"2:9.1.0016-1ubuntu7.4",
"2:9.1.0016-1ubuntu7.5",
"2:9.1.0016-1ubuntu7.6",
"2:9.1.0016-1ubuntu7.7",
"2:9.1.0016-1ubuntu7.8",
"2:9.1.0016-1ubuntu7.9",
"2:9.1.0016-1ubuntu7.10",
"2:9.1.0016-1ubuntu7.11",
"2:9.1.0016-1ubuntu7.12",
"2:9.1.0016-1ubuntu7.13",
"2:9.1.0016-1ubuntu7.14",
"2:9.1.0016-1ubuntu7.15",
"2:9.1.0016-1ubuntu7.16",
"2:9.1.0016-1ubuntu7.17"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "vim",
"binary_version": "2:9.1.2141-1ubuntu4.7"
},
{
"binary_name": "vim-common",
"binary_version": "2:9.1.2141-1ubuntu4.7"
},
{
"binary_name": "vim-gtk3",
"binary_version": "2:9.1.2141-1ubuntu4.7"
},
{
"binary_name": "vim-gui-common",
"binary_version": "2:9.1.2141-1ubuntu4.7"
},
{
"binary_name": "vim-motif",
"binary_version": "2:9.1.2141-1ubuntu4.7"
},
{
"binary_name": "vim-nox",
"binary_version": "2:9.1.2141-1ubuntu4.7"
},
{
"binary_name": "vim-runtime",
"binary_version": "2:9.1.2141-1ubuntu4.7"
},
{
"binary_name": "vim-tiny",
"binary_version": "2:9.1.2141-1ubuntu4.7"
},
{
"binary_name": "xxd",
"binary_version": "2:9.1.2141-1ubuntu4.7"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "vim",
"purl": "pkg:deb/ubuntu/vim@2:9.1.2141-1ubuntu4.7?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:9.1.2141-1ubuntu4.7"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2:9.1.0967-1ubuntu6",
"2:9.1.1882-1ubuntu1",
"2:9.1.1882-1ubuntu2",
"2:9.1.2141-1ubuntu1",
"2:9.1.2141-1ubuntu2",
"2:9.1.2141-1ubuntu4",
"2:9.1.2141-1ubuntu4.1",
"2:9.1.2141-1ubuntu4.2",
"2:9.1.2141-1ubuntu4.3",
"2:9.1.2141-1ubuntu4.5",
"2:9.1.2141-1ubuntu4.6"
]
}
],
"aliases": [],
"details": "Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search() pattern that is run via win_execute() without escaping. A name containing a single quote can terminate the search() string argument early, and because the bar is honored as an Ex command separator, the remainder of the name is run as Ex commands; via the :! command this allows arbitrary operating-system command execution when a victim opens a crafted PHP file and invokes omni-completion. This issue is fixed in version 9.2.0736.",
"id": "UBUNTU-CVE-2026-59856",
"modified": "2026-07-14T21:41:35Z",
"published": "2026-07-10T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-59856"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-59856"
},
{
"type": "REPORT",
"url": "https://github.com/vim/vim/security/advisories/GHSA-fh26-8f79-wj97"
},
{
"type": "REPORT",
"url": "https://github.com/vim/vim/commit/43afc581a37a35762dd0ef292f038b9dc5680a24"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8541-1"
}
],
"related": [
"USN-8541-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-59856"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.