Fedora Account System
Red Hat Associate
Red Hat Customer
Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue.
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:11389 https://access.redhat.com/errata/RHSA-2026:11389
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:11510 https://access.redhat.com/errata/RHSA-2026:11510
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:11509 https://access.redhat.com/errata/RHSA-2026:11509
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:19073 https://access.redhat.com/errata/RHSA-2026:19073
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:19224 https://access.redhat.com/errata/RHSA-2026:19224
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions Via RHSA-2026:28049 https://access.redhat.com/errata/RHSA-2026:28049
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:28050 https://access.redhat.com/errata/RHSA-2026:28050
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:28133 https://access.redhat.com/errata/RHSA-2026:28133
This issue has been addressed in the following products: Red Hat Enterprise Linux 10.0 Extended Update Support Via RHSA-2026:30900 https://access.redhat.com/errata/RHSA-2026:30900
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Via RHSA-2026:33453 https://access.redhat.com/errata/RHSA-2026:33453
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On Via RHSA-2026:34477 https://access.redhat.com/errata/RHSA-2026:34477
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2026:34476 https://access.redhat.com/errata/RHSA-2026:34476