A critical vulnerability (CVE-2026-34982, CVSS 8.2 HIGH) in Vim allows arbitrary command execution via a modeline sandbox bypass. The flaw affects Vim versions prior to 9.2.0276, and the fix requires upgrading to Vim version 9.2.0276.
Red Hat Product Errata RHSA-2026:11509 - Security Advisory Issued: 2026-04-29 Updated: 2026-04-29 RHSA-2026:11509 - Security Advisory Overview Updated Packages Synopsis Important: vim security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for vim is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fix(es): vim: arbitrary command execution via modeline sandbox bypass (CVE-2026-34982) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 8 x86_64 Red Hat Enterprise Linux for IBM z Systems 8 s390x Red Hat Enterprise Linux for Power, little endian 8 ppc64le Red Hat Enterprise Linux for ARM 64 8 aarch64 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x Fixes BZ - 2455400 - CVE-2026-34982 vim: arbitrary command execution via modeline sandbox bypass CVEs CVE-2026-34982 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 8 SRPM vim-8.0.1763-22.el8_10.3.src.rpm SHA-256: c8dfd989cbaa388c5b7ee732c46412687c2f68684f90e09fd2449d566417acc8 x86_64 vim-X11-8.0.1763-22.el8_10.3.x86_64.rpm SHA-256: 3b8c5b37443a224facf54eb70069e4c5483a7e1fb7df0ab2b83235d156166a0f vim-X11-debuginfo-8.0.1763-22.el8_10.3.x86_64.rpm SHA-256: 200282b9a9cdceed34883675e00a31d08bc40714f1c6e5685cbdaaade773bc53 vim-X11-debuginfo-8.0.1763-22.el8_10.3.x86_64.rpm SHA-256: 200282b9a9cdceed34883675e00a31d08bc40714f1c6e5685cbdaaade773bc53 vim-common-8.0.1763-22.el8_10.3.x86_64.rpm SHA-256: 68b92bff5f97128d969e69a583f90b9fd0b3a2b45be22f41643d588ac96f980e vim-common-debuginfo-8.0.1763-22.el8_10.3.x86_64.rpm SHA-256: efb8214907b2c6b54246b1294e951ccbcb008926cd7003d8f77dcbd3317897e1 vim-common-debuginfo-8.0.1763-22.el8_10.3.x86_64.rpm SHA-256: efb8214907b2c6b54246b1294e951ccbcb008926cd7003d8f77dcbd3317897e1 vim-debuginfo-8.0.1763-22.el8_10.3.x86_64.rpm SHA-256: 27084e32839994a66c8786c6a4ae0314ac3e5d1ede419249367b5e6ad00b4d91 vim-debuginfo-8.0.1763-22.el8_10.3.x86_64.rpm SHA-256: 27084e32839994a66c8786c6a4ae0314ac3e5d1ede419249367b5e6ad00b4d91 vim-debugsource-8.0.1763-22.el8_10.3.x86_64.rpm SHA-256: 4ddcc2a9097200f86bb4c8f7bc6c3f1752cf60bf277458e7714239c4fb91e0b1 vim-debugsource-8.0.1763-22.el8_10.3.x86_64.rpm SHA-256: 4ddcc2a9097200f86bb4c8f7bc6c3f1752cf60bf277458e7714239c4fb91e0b1 vim-enhanced-8.0.1763-22.el8_10.3.x86_64.rpm SHA-256: df6f3931e771bb3ded1ab1100f34ac39799416ec8c590337ba1d298ad14f472f vim-enhanced-debuginfo-8.0.1763-22.el8_10.3.x86_64.rpm SHA-256: 08b9b278739c7cace8403af28ab1f720cbfd05e926eaa9fb0e9dc1977d1fac3d vim-enhanced-debuginfo-8.0.1763-22.el8_10.3.x86_64.rpm SHA-256: 08b9b278739c7cace8403af28ab1f720cbfd05e926eaa9fb0e9dc1977d1fac3d vim-filesystem-8.0.1763-22.el8_10.3.noarch.rpm SHA-256: d44f7379893f3d2cd425af0b6efdf47ce8d560b921a1315437c0134ecefebe95 vim-minimal-8.0.1763-22.el8_10.3.x86_64.rpm SHA-256: 75b7b39f95d2386bfbb2ce81110748b3340257f9acbb70680282f533f603ed9d vim-minimal-debuginfo-8.0.1763-22.el8_10.3.x86_64.rpm SHA-256: b0abd91d02d68c41385fc6b2fac23c78d98f709aed87d8f4e8c8e9d273c194b1 vim-minimal-debuginfo-8.0.1763-22.el8_10.3.x86_64.rpm SHA-256: b0abd91d02d68c41385fc6b2fac23c78d98f709aed87d8f4e8c8e9d273c194b1 Red Hat Enterprise Linux for IBM z Systems 8 SRPM vim-8.0.1763-22.el8_10.3.src.rpm SHA-256: c8dfd989cbaa388c5b7ee732c46412687c2f68684f90e09fd2449d566417acc8 s390x vim-X11-8.0.1763-22.el8_10.3.s390x.rpm SHA-256: 3a658b57169cc2075021bd94a04eec23206e2a2dffb88d56c102b07ca332a6c8 vim-X11-debuginfo-8.0.1763-22.el8_10.3.s390x.rpm SHA-256: 3fa64b62356b346f12cbdcfbd7fce43bb5d183acc08acaa6d74b914cab28141e vim-X11-debuginfo-8.0.1763-22.el8_10.3.s390x.rpm SHA-256: 3fa64b62356b346f12cbdcfbd7fce43bb5d183acc08acaa6d74b914cab28141e vim-common-8.0.1763-22.el8_10.3.s390x.rpm SHA-256: c4a583e70fac0332da3e40950bed8180d2ff1936238e0f42b9c506c13ff8e7a0 vim-common-debuginfo-8.0.1763-22.el8_10.3.s390x.rpm SHA-256: 956f52f133cd691f7f6d0704a84bd2b26ce234ce8f7e6575a1c84e08c1acab1c vim-common-debuginfo-8.0.1763-22.el8_10.3.s390x.rpm SHA-256: 956f52f133cd691f7f6d0704a84bd2b26ce234ce8f7e6575a1c84e08c1acab1c vim-debuginfo-8.0.1763-22.el8_10.3.s390x.rpm SHA-256: f8c21e9c759485c56b585c979632cfdcd8a3c7622aa82cd270ffd630951e1565 vim-debuginfo-8.0.1763-22.el8_10.3.s390x.rpm SHA-256: f8c21e9c759485c56b585c979632cfdcd8a3c7622aa82cd270ffd630951e1565 vim-debugsource-8.0.1763-22.el8_10.3.s390x.rpm SHA-256: f12a334bed190567d4ba5e72a7b36b56b3c209bf82e85c78bc5398a2f2e867d9 vim-debugsource-8.0.1763-22.el8_10.3.s390x.rpm SHA-256: f12a334bed190567d4ba5e72a7b36b56b3c209bf82e85c78bc5398a2f2e867d9 vim-enhanced-8.0.1763-22.el8_10.3.s390x.rpm SHA-256: 442021aa62c6f2049bcd7edada29fb2482a3fae96089b9e25b33211bbab7b4f6 vim-enhanced-debuginfo-8.0.1763-22.el8_10.3.s390x.rpm SHA-256: 3dda0342a196ede1a780011aed1c789602a20fb52f30237f91ea60cf0f52c206 vim-enhanced-debuginfo-8.0.1763-22.el8_10.3.s390x.rpm SHA-256: 3dda0342a196ede1a780011aed1c789602a20fb52f30237f91ea60cf0f52c206 vim-filesystem-8.0.1763-22.el8_10.3.noarch.rpm SHA-256: d44f7379893f3d2cd425af0b6efdf47ce8d560b921a1315437c0134ecefebe95 vim-minimal-8.0.1763-22.el8_10.3.s390x.rpm SHA-256: c08c3c99c38021d2c624c00bd700682477cc5ba8670aa55cf945b3178a2c1b19 vim-minimal-debuginfo-8.0.1763-22.el8_10.3.s390x.rpm SHA-256: aceb7f971204d042f17101aa5f9a596c5b4bb0bdd9f94c8222d07e477d0bdc8f vim-minimal-debuginfo-8.0.1763-22.el8_10.3.s390x.rpm SHA-256: aceb7f971204d042f17101aa5f9a596c5b4bb0bdd9f94c8222d07e477d0bdc8f Red Hat Enterprise Linux for Power, little endian 8 SRPM vim-8.0.1763-22.el8_10.3.src.rpm SHA-256: c8dfd989cbaa388c5b7ee732c46412687c2f68684f90e09fd2449d566417acc8 ppc64le vim-X11-8.0.1763-22.el8_10.3.ppc64le.rpm SHA-256: aa88d1a747ff1e3ae01f5b2d72280ab357dc54f5e8bf9aea0beb6d070bc4f824 vim-X11-debuginfo-8.0.1763-22.el8_10.3.ppc64le.rpm SHA-256: 289f145207b57e48fd964160be226a69b7f59fff478e5c70a3cfc73a34df80c2 vim-X11-debuginfo-8.0.1763-22.el8_10.3.ppc64le.rpm SHA-256: 289f145207b57e48fd964160be226a69b7f59fff478e5c70a3cfc73a34df80c2 vim-common-8.0.1763-22.el8_10.3.ppc64le.rpm SHA-256: 49e23ad2f1a67a97948f03f86722f33960788046d2dcf0a9673b3e0da9e424b1 vim-common-debuginfo-8.0.1763-22.el8_10.3.ppc64le.rpm SHA-256: f98388bf6c57ad7c4a46e16dfeda419c7ca7cc99c0cdfb6b44096529b9cf3360 vim-common-debuginfo-8.0.1763-22.el8_10.3.ppc64le.rpm SHA-256: f98388bf6c57ad7c4a46e16dfeda419c7ca7cc99c0cdfb6b44096529b9cf3360 vim-debuginfo-8.0.1763-22.el8_10.3.ppc64le.rpm SHA-256: ee60029307b5b8452799666a6a5f64aca2e23a699dad259121114024d5857806 vim-debuginfo-8.0.1763-22.el8_10.3.ppc64le.rpm SHA-256: ee60029307b5b8452799666a6a5f64aca2e23a699dad259121114024d5857806 vim-debugsource-8.0.1763-22.el8_10.3.ppc64le.rpm SHA-256: 56fb208b09c7253f95131206174dc88219e8bf4da9bcafdc5553a514e08da5c7 vim-debugsource-8.0.1763-22.el8_10.3.ppc64le.rpm SHA-256: 56fb208b09c7253f95131206174dc88219e8bf4da9bcafdc5553a514e08da5c7 vim-enhanced-8.0.1763-22.el8_10.3.ppc64le.rpm SHA-256: 9f0b453d8afbcc0c626d8ffefa40e82d0535e46ee899494bed64b912271e90dd vim-enhanced-debuginfo-8.0.1763-22.el8_10.3.ppc64le.rpm SHA-256: 753d9e541db27c2c8b420eeea8df1f19ae6f25336587fb806fbe52386a15d2bc vim-enhanced-debuginfo-8.0.1763-22.el8_10.3.ppc64le.rpm SHA-256: 753d9e541db27c2c8b420eeea8df1f19ae6f25336587fb806fbe52386a15d2bc vim-filesystem-8.0.1763-22.el8_10.3.noarch.rpm SHA-256: d44f7379893f3d2cd425af0b6efdf47ce8d560b921a1315437c0134ecefebe95 vim-minimal-8.0.1763-22.el8_10.3.ppc64le.rpm SHA-256: 6b545f87687015aa80eb4e05f207a6655a0932d8a0b153f0b1409cc031c87da8 vim-minimal-debuginfo-8.0.1763-22.el8_10.3.ppc64le.rpm SHA-256: b0d0c036e9425bb14c5e01251cdc250bb756b5b360c8b757a91b4a97acb504a6 vim-minimal-debuginfo-8.0.1763-22.el8_10.3.ppc64le.rpm SHA-256: b0d0c036e9425bb14c5e01251cdc250bb756b5b360c8b757a91b4a97acb504a6 Red Hat Enterprise Linux for ARM 64 8 SRPM vim-8.0.1763-22.el8_10.3.src.rpm SHA-256: c8dfd989cbaa388c5b7ee732c46412687c2f68684f90e09fd2449d566417acc8 aarch64 vim-X11-8.0.1763-22.el8_10.3.aarch64.rpm SHA-256: 10c28492f02c87f0f312af6cdd3cef790ed9da72ced11dfee3055309bbf557af vim-X11-debuginfo-8.0.1763-22.el8_10.3.aarch64.rpm SHA-256: 0d1544f91585acb5e69fa972b7b431003cdd4ad11b456cc1ed6bc6ea38e737bd vim-X11-debuginfo-8.0.1763-22.el8_10.3.aarch64.rpm SHA-256: 0d1544f91585acb5e69fa972b7b431003cdd4ad11b456cc1ed6bc6ea38e737bd vim-common-8.0.1763-22.el8_10.3.aarch64.rpm SHA-256: 920c425a35d964c85f20abe29db1be73f300090f7f76c54328247acbef9c14db vim-common-debuginfo-8.0.1763-22.el8_10.3.aarch64.rpm SHA-256: 4cd2d9a7f3c177bc6dd80f200b44f6e17631a80e20c7492ac2c7d3e95f188329 vim-common-debuginfo-8.0.1763-22.el8_10.3.aarch64.rpm SHA-256: 4cd2d9a7f3c177bc6dd80f200b44f6e17631a80e20c7492ac2c7d3e95f188329 vim-debuginfo-8.0.1763-22.el8_10.3.aarch64.rpm SHA-256: 988c217ff1d9624269e2908f739f57efcd683c3f8eef34439c0d605d69869d8a vim-debuginfo-8.0.1763-22.el8_10.3.aarch64.rpm SHA-256: 988c217ff1d9624269e2908f739f57efcd683c3f8eef34439c0d605d69869d8a vim-debugsource-8.0.1763-22.el8_10.3.aarch64.rpm SHA-256: