CVE-2026-35177

MEDIUM

OESA-2026-2177 vim security update

Details

CVSS v3: 4.1
NVD published: 2026-04-06 18:16:44
EPSS: <0.1% probability · 3.2th percentile — 2026-05-02
Affected versions: cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*
Summary: Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280.
Remediation: Not available in our cache.
Exploit info: Not available in our cache.

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.

Subscribe — free email digest or paid plan

Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.