RHSA-2026:28050HighCVSS 8.2
Red Hat Security Advisory: vim security update
🔗 CVE IDs covered (4)
📋 Description
CVE-2026-34982 — vim: arbitrary command execution via modeline sandbox bypass CVE-2026-35177 — vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass CVE-2026-41411 — vim: Vim: Command injection allows arbitrary code execution via malicious tag files CVE-2026-46483 — vim: command injection when decompressing .tgz archives
🔗 References (7)
- selfhttps://access.redhat.com/errata/RHSA-2026:28050
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2455400
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2455542
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2461614
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2477915
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_28050.json