CVE-2026-35177 Vim — Exploit & Vulnerability Details MEDIUM

CVE-2026-35177

MEDIUM CVSS 3.1: 4.1 EPSS 0.01%

Parameter	Value
CVSS	4.1 (MEDIUM)
Fixed In	9.2.0280
Type	CWE-22 (Path Traversal)
Vendor	Vim
Public PoC	No

Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280.

Attack Parameters

Attack Vector

Local

Requires local access

Attack Complexity

High

Difficult to exploit

Privileges Required

None

No privileges needed

User Interaction

Required

User action required

Impact Assessment

Confidentiality

None

No data leak

Integrity

Low

Partial data modification

Availability

Low

Partial disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-22 Path Traversal

References 1

https://github.com/vim/vim/security/advisories/GHSA-jc86-w7vm-8p24

security-advisories@github.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-34982

Vim

8.2

CVE-2026-34714

Vim

8.6

CVE-2026-33412

Vim

7.3

CVE-2026-28422

Vim

2.2

CVE-2026-28421

Vim

5.3

Menu

CVE-2026-35177

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-34982

CVE-2026-34714

CVE-2026-33412

CVE-2026-28422

CVE-2026-28421

CVE Details

Editor's Choice

Menu

CVE-2026-35177

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-34982

CVE-2026-34714

CVE-2026-33412

CVE-2026-28422

CVE-2026-28421

CVE Details

Editor's Choice

Stay informed on cybersecurity