You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2026-34982
About this tag
CVE-2026-34982 is a Vim modeline bypass vulnerability affecting Vim versions earlier than 9.2.0276. It allows a crafted file to execute arbitrary OS commands, turning a text editor into a code execution vector. This poses a supply-chain-style trust issue for any workstation that opens unvetted files, as modelines are designed for portability and self-configuration, making the attack surface part of everyday workflows.
When a text editor becomes a code execution vector, the problem is no longer just a nuisance for developers; it becomes a supply-chain-style trust issue for every workstation that opens unvetted files. CVE-2026-34982 is a Vim modeline bypass that affects Vim versions earlier than 9.2.0276, and...