GHSA-mfxw-q267-mgp6CriticalCVSS 9.2

Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in...

Published
March 30, 2026
Last Modified
June 30, 2026

🔗 CVE IDs covered (1)

📋 Description

Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.

🔗 References (12)