Vim Python Omni-Completion Flaws Enable Local Code Execution
Vim disclosed two medium-severity local code execution flaws in its Python omni-completion feature. Both run attacker-controlled code when a user opens a malicious Python file and omni-completion is triggered, either manually (for example with CTRL-X CTRL-O) or by a plugin that calls the completion function. The first issue affects versions before 9.2.0561: the completer re-executed import statements harvested from the buffer, so a file that imports a module name the attacker also ships as a sibling file in the working directory gets that module loaded and run. It applies to builds compiled with +python3 or the legacy +python interface and with filetype plugins enabled; :version (or vim --version) shows whether a build carries +python3/+python or -python3/-python. Patch 9.2.0561 disabled execution of harvested imports by default; users who trust the files they edit can re-enable it with g:pythoncomplete_allow_import = 1.
The second flaw, later assigned CVE-2026-52860, affects versions before 9.2.0597 and bypasses the earlier mitigation: Vim reconstructs Python function and class definitions from the current buffer and executes them with exec(), so attacker-controlled default argument values, annotations, and class base expressions are evaluated inside the user's Vim process whenever omni-completion runs, including when a plugin invokes the completion function. Because no import is needed for this path, the g:pythoncomplete_allow_import setting introduced for the first flaw does not prevent it. Vim said the issue does not affect builds without Python support and released patch 9.2.0597. The disclosures credit tonghuaroot for the earlier bug and DavidCarliez for reporting and analyzing the later exec()-based issue.
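As an added illustration (not Vim's own completion code, and not a reproduction of the advisories' proofs of concept): a toy completer in Python that rebuilds def/class stubs from an untrusted buffer and exec()s them, beside one that reads the same names straight from the AST. The sample buffer, the EXECUTED marker list and the names connect, Client, send and helper_mod are constructed for this example. Exec'ing the stubs evaluates the default value and the base-class expression (and, on interpreters before Python 3.14, annotations as well), while walking the AST yields identical completion candidates and the harvested import names without evaluating anything from the file.

```python
"""Added example, not Vim's own code: why exec()-ing definitions rebuilt from an
untrusted buffer runs attacker-chosen expressions, and an AST-only alternative."""
import ast
import inspect

# Marker list: the sample buffer appends to it instead of doing real damage.
EXECUTED = []

# Constructed sample of a malicious Python file. Default values and base-class
# expressions are evaluated when the def/class statement executes; annotations
# are too on interpreters before Python 3.14 (PEP 649 made them lazy).
MALICIOUS_BUFFER = '''
import helper_mod

def connect(host, port=EXECUTED.append("default value ran") or 22):
    return host, port

class Client(type("Base", (object,), {"_": EXECUTED.append("base expr ran")})):
    def send(self, data):
        return data
'''


def unsafe_harvest(source, namespace):
    """The risky pattern: rebuild each top-level def/class as a stub with its
    original signature and bases, then exec() the stubs so the resulting
    objects can be introspected for completion candidates."""
    tree = ast.parse(source)
    stubs = []
    for node in tree.body:
        if isinstance(node, ast.FunctionDef):
            node.body = [ast.Pass()]
            stubs.append(ast.unparse(node))
        elif isinstance(node, ast.ClassDef):
            methods = [m for m in node.body if isinstance(m, ast.FunctionDef)]
            for m in methods:
                m.body = [ast.Pass()]
            node.body = methods or [ast.Pass()]
            stubs.append(ast.unparse(node))
    # Every expression in the signatures and base lists is evaluated right here.
    exec("\n".join(stubs), namespace)
    candidates = {}
    for name, obj in namespace.items():
        if inspect.isfunction(obj):
            candidates[name] = list(inspect.signature(obj).parameters)
        elif inspect.isclass(obj):
            candidates[name] = [m for m in vars(obj) if not m.startswith("__")]
    return candidates


def safe_harvest(source):
    """Same data from the AST alone: parameter names, method names and imported
    module names are read off the tree, and nothing from the buffer is run."""
    tree = ast.parse(source)
    candidates, imports = {}, []
    for node in tree.body:
        if isinstance(node, ast.FunctionDef):
            args = node.args
            candidates[node.name] = [
                a.arg for a in args.posonlyargs + args.args + args.kwonlyargs
            ]
        elif isinstance(node, ast.ClassDef):
            candidates[node.name] = [
                m.name for m in node.body if isinstance(m, ast.FunctionDef)
            ]
        elif isinstance(node, ast.Import):
            imports.extend(alias.name for alias in node.names)
        elif isinstance(node, ast.ImportFrom):
            imports.append(node.module or "")
    return candidates, imports


def demo_unsafe():
    """Run the exec()-based harvester; returns candidates and what the buffer ran."""
    EXECUTED.clear()
    candidates = unsafe_harvest(MALICIOUS_BUFFER, {"EXECUTED": EXECUTED})
    return candidates, list(EXECUTED)


def demo_safe():
    """Run the AST-only harvester; returns candidates, import names and the marker."""
    EXECUTED.clear()
    candidates, imports = safe_harvest(MALICIOUS_BUFFER)
    return candidates, imports, list(EXECUTED)


if __name__ == "__main__":
    print("exec() path:", demo_unsafe())
    print("AST path:   ", demo_safe())
```

The AST path hands harvested import names back as strings for a resolver to look up; whether those names may then be imported is the decision that g:pythoncomplete_allow_import gates in Vim, and this example never imports them.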

How this story unfolded
Vim discloses second Python omni-completion code execution flaw fixed in 9.2.0597
Vim disclosed a second medium-severity arbitrary code execution vulnerability affecting versions earlier than 9.2.0597, where Python omni-completion reconstructs definitions from the current buffer and executes them with exec(), allowing attacker-controlled expressions to run. The issue was fixed in patch 9.2.0597, and the advisory noted that the earlier g:pythoncomplete_allow_import mitigation did not prevent this attack path.
Vim fixes Python omni-completion import execution flaw in v9.2.0561
A medium-severity arbitrary local code execution vulnerability in Vim's Python omni-completion was disclosed for versions prior to 9.2.0561. Vim fixed the issue in patch v9.2.0561 by disabling execution of harvested import statements by default, and credited GitHub user tonghuaroot with reporting, analysis, a proof of concept, and a suggested fix.
Sources
oss-sec: [vim-security] Arbitrary Code Execution via Python Omni-Completion in Vim < 9.2.597
seclists.org
Arbitrary Code Execution via Python Omni-Completion in Vim < 9.2.0597 (GitHub security advisory, vim/vim)
github.com
oss-sec: [vim-security] Arbitrary Code Execution via Python Omni-Completion in Vim < 9.2.561
seclists.org

