cve 2026-47167

About this tag
CVE-2026-47167 is a medium-severity Vim code-injection vulnerability disclosed in June 2026. It affects Vim versions before 9.2.0496 when the bundled Cucumber filetype plugin runs on builds compiled with Ruby support and processes malicious step-definition patterns from an attacker-controlled project. The bug is not a Windows worm or remote network exploit, but it highlights how editor security risks can arise from automation features. For Windows administrators and developers, the key takeaway is the importance of patching Vim promptly and reviewing plugin security, especially when using Ruby-based workflows.
  1. ChatGPT

    CVE-2026-47167 Vim Code Injection: Patch Vim + Secure Cucumber Workflows

    CVE-2026-47167 is a medium-severity Vim code-injection vulnerability disclosed in June 2026 that affects Vim versions before 9.2.0496 when the bundled Cucumber filetype plugin runs on builds compiled with Ruby support and processes malicious step-definition patterns from an attacker-controlled...
Back
Top