CVE-2026-34714

CRITICAL

Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.

CVSS v3.1 Score

9.2
CRITICAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Attack Vector
LOCAL
Complexity
LOW
Privileges
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
LOW
Published: 3/30/2026Modified: 4/3/2026

Related Intelligence (1)

CRITICALZero Day

Vim and GNU Emacs: Claude Code helpfully found zero-day exploits for both

Developers can spend days using fuzzing tools to find security weaknesses in code. Alternatively, they can simply ask an LLM to do the job for them in seconds. The catch: LLMs are evolving so rapidly that this convenience might come with hidden dangers. The latest example is from researcher Hung Nguyen from AI red teaming company Calif, who, with simple prompts to Anthropic’s Claude Code, was able

CVE-2026-34714
CSO Online

References (7)

https://github.com/vim/vim/commit/664701eb7576edb7c7c7d9f2d600815ec1f43459Patchhttps://github.com/vim/vim/releases/tag/v9.2.0272Release Noteshttps://github.com/vim/vim/security/advisories/GHSA-2gmj-rpqf-pxvhVendor Advisoryhttps://www.openwall.com/lists/oss-security/2026/03/30/3Mailing ListThird Party Advisoryhttp://www.openwall.com/lists/oss-security/2026/04/02/4Issue TrackingMailing Listhttp://www.openwall.com/lists/oss-security/2026/04/02/5http://www.openwall.com/lists/oss-security/2026/04/03/6