CVE-2026-52860— Vim: Arbitrary Code Execution via Python Omni-Completion
Possible ATT&CK Techniques 1AI
T1059.004 · Unix ShellGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-52860
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Vim: Arbitrary Code Execution via Python Omni-Completion
Source: NVD (National Vulnerability Database)
Vulnerability Description
Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec() as part of populating the completion dictionary. Python evaluates function default values, parameter annotations, and class base expressions at definition time, so a hostile buffer can execute attacker-controlled Python expressions during omni-completion. The existing g:pythoncomplete_allow_import mitigation (GHSA-52mc-rq6p-rc7c) does not cover this path, because the attacker-controlled code is not a harvested import/from statement. This issue has been patched in version 9.2.0597.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Vim 代码注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Vim是Vim开源的一款跨平台的文本编辑器。 Vim 9.2.0597之前版本存在代码注入漏洞,该漏洞源于Python omni-completion在填充补全字典时使用exec()执行从当前缓冲区重建的函数和类定义,Python在定义时评估函数默认值、参数注解和类基表达式,恶意缓冲区可在omni-completion期间执行攻击者控制的Python表达式。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-52860
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-52860
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-52860 (1)
Vendor Advisories for CVE-2026-52860 (2)
Vendor Pages for CVE-2026-52860 (1)
- 🔗 Release v9.2.0597 · vim/vim · GitHubx_refsource_MISC
Same Patch Batch · vim · 2026-06-11 · 5 CVEs total
| CVE-2026-47167 | Vim: Vimscript Code Injection in cucumber filetype plugin via crafted step-definition rege | |
| CVE-2026-47162 | Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name | |
| CVE-2026-52858 | Vim: Arbitrary Code Execution via Python Omni-Completion | |
| CVE-2026-52859 | Vim: Out-of-bounds Read in Terminal Screen Snapshot |
IV. Related Vulnerabilities
Same product: vim
- CVE-2026-55693
Vim: Out-of-bounds Write in Spell File Word Count - CVE-2026-55892
Vim: Out-of-bounds Write in Spell File Prefix Dump - CVE-2026-55895
Vim: Vimscript Code Injection in netrw NetrwLocalRmFile() vi - CVE-2026-57451
Vim: Out-of-bounds Read in Text Property Count - CVE-2026-57452
Vim: Out-of-bounds Read with libsodium-encrypted Files
Same vendor: vim
- CVE-2026-55693
Vim: Out-of-bounds Write in Spell File Word Count - CVE-2026-55892
Vim: Out-of-bounds Write in Spell File Prefix Dump - CVE-2026-55895
Vim: Vimscript Code Injection in netrw NetrwLocalRmFile() vi - CVE-2026-57451
Vim: Out-of-bounds Read in Text Property Count - CVE-2026-57452
Vim: Out-of-bounds Read with libsodium-encrypted Files
Same weakness: CWE-94
V. Comments for CVE-2026-52860
No comments yet