You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2026-47167
About this tag
CVE-2026-47167 is a medium-severity Vim code-injection vulnerability disclosed in June 2026. It affects Vim versions before 9.2.0496 when the bundled Cucumber filetype plugin runs on builds compiled with Ruby support and processes malicious step-definition patterns from an attacker-controlled project. The bug is not a Windows worm or remote network exploit, but it highlights how editor security risks can arise from automation features. For Windows administrators and developers, the key takeaway is the importance of patching Vim promptly and reviewing plugin security, especially when using Ruby-based workflows.
CVE-2026-47167 is a medium-severity Vim code-injection vulnerability disclosed in June 2026 that affects Vim versions before 9.2.0496 when the bundled Cucumber filetype plugin runs on builds compiled with Ruby support and processes malicious step-definition patterns from an attacker-controlled...