This Important security update addresses CVE-2026-34982 (CVSS 8.2 High), a sandbox bypass vulnerability in Vim that allows arbitrary command execution via a malicious modeline. The vulnerability affects Vim versions prior to 9.2.0276, and the fix is to upgrade to Vim version 9.2.0276 or later.
Red Hat Product Errata RHSA-2026:19224 - Security Advisory Issued: 2026-05-19 Updated: 2026-05-19 RHSA-2026:19224 - Security Advisory Overview Updated Packages Synopsis Important: vim security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for vim is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fix(es): vim: arbitrary command execution via modeline sandbox bypass (CVE-2026-34982) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 9 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 x86_64 Red Hat Enterprise Linux for IBM z Systems 9 s390x Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 s390x Red Hat Enterprise Linux for Power, little endian 9 ppc64le Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8 ppc64le Red Hat Enterprise Linux for ARM 64 9 aarch64 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8 s390x Fixes BZ - 2455400 - CVE-2026-34982 vim: arbitrary command execution via modeline sandbox bypass CVEs CVE-2026-34982 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 9 SRPM vim-8.2.2637-26.el9_8.4.src.rpm SHA-256: 7bbc28ad51c331dd56f93ebb3202708a3a6f88e3d18a9087eeb58b96cd91a6ce x86_64 vim-X11-8.2.2637-26.el9_8.4.x86_64.rpm SHA-256: 5fdabc8056561b43716c3fdb5c99238560f8daa770d91694640789cb3d3de747 vim-X11-debuginfo-8.2.2637-26.el9_8.4.x86_64.rpm SHA-256: f64519e318ec55bfe1f5da0e693875dcdd1898fd9d521956bd7593ee6766d302 vim-X11-debuginfo-8.2.2637-26.el9_8.4.x86_64.rpm SHA-256: f64519e318ec55bfe1f5da0e693875dcdd1898fd9d521956bd7593ee6766d302 vim-common-8.2.2637-26.el9_8.4.x86_64.rpm SHA-256: a065b5dc33366e612edba71967df6c27069e91884018e85137bb36ec78175df8 vim-common-debuginfo-8.2.2637-26.el9_8.4.x86_64.rpm SHA-256: b9ea28f824f12d705bdc7f7ba39a0b7f0caf1198bbde98d9e7842331246c60c1 vim-common-debuginfo-8.2.2637-26.el9_8.4.x86_64.rpm SHA-256: b9ea28f824f12d705bdc7f7ba39a0b7f0caf1198bbde98d9e7842331246c60c1 vim-debuginfo-8.2.2637-26.el9_8.4.x86_64.rpm SHA-256: 2451cc5580b77a56655a4bd2e5f7302d8c06402e526580b6b777226e07cee790 vim-debuginfo-8.2.2637-26.el9_8.4.x86_64.rpm SHA-256: 2451cc5580b77a56655a4bd2e5f7302d8c06402e526580b6b777226e07cee790 vim-debugsource-8.2.2637-26.el9_8.4.x86_64.rpm SHA-256: cdd2bff57a566bfec7d729405329788d6dc85bb93dd66cdd20eaaf611d95bff5 vim-debugsource-8.2.2637-26.el9_8.4.x86_64.rpm SHA-256: cdd2bff57a566bfec7d729405329788d6dc85bb93dd66cdd20eaaf611d95bff5 vim-enhanced-8.2.2637-26.el9_8.4.x86_64.rpm SHA-256: 362e5207cd9d428aab247916272e4a6c027dca46358c6e0f149275212de573bd vim-enhanced-debuginfo-8.2.2637-26.el9_8.4.x86_64.rpm SHA-256: d6902c861e0e922b3860c3ad2c6de9c4c0e81afec25075be52baa4deb1cc64ca vim-enhanced-debuginfo-8.2.2637-26.el9_8.4.x86_64.rpm SHA-256: d6902c861e0e922b3860c3ad2c6de9c4c0e81afec25075be52baa4deb1cc64ca vim-filesystem-8.2.2637-26.el9_8.4.noarch.rpm SHA-256: 402d968594669b71bd69bb5495b3b2156d6d1b2dd5326bb181d8c27e94a724ed vim-minimal-8.2.2637-26.el9_8.4.x86_64.rpm SHA-256: 610d94b23f627501f12390dd951269baa9fc6d46d386e8e6f44d77442b0eaedc vim-minimal-debuginfo-8.2.2637-26.el9_8.4.x86_64.rpm SHA-256: afe4a06bd3a23a50a46d97f3004452fb1c654353c271c597bb7cbdcf5b8c9564 vim-minimal-debuginfo-8.2.2637-26.el9_8.4.x86_64.rpm SHA-256: afe4a06bd3a23a50a46d97f3004452fb1c654353c271c597bb7cbdcf5b8c9564 Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 SRPM vim-8.2.2637-26.el9_8.4.src.rpm SHA-256: 7bbc28ad51c331dd56f93ebb3202708a3a6f88e3d18a9087eeb58b96cd91a6ce x86_64 vim-X11-8.2.2637-26.el9_8.4.x86_64.rpm SHA-256: 5fdabc8056561b43716c3fdb5c99238560f8daa770d91694640789cb3d3de747 vim-X11-debuginfo-8.2.2637-26.el9_8.4.x86_64.rpm SHA-256: f64519e318ec55bfe1f5da0e693875dcdd1898fd9d521956bd7593ee6766d302 vim-X11-debuginfo-8.2.2637-26.el9_8.4.x86_64.rpm SHA-256: f64519e318ec55bfe1f5da0e693875dcdd1898fd9d521956bd7593ee6766d302 vim-common-8.2.2637-26.el9_8.4.x86_64.rpm SHA-256: a065b5dc33366e612edba71967df6c27069e91884018e85137bb36ec78175df8 vim-common-debuginfo-8.2.2637-26.el9_8.4.x86_64.rpm SHA-256: b9ea28f824f12d705bdc7f7ba39a0b7f0caf1198bbde98d9e7842331246c60c1 vim-common-debuginfo-8.2.2637-26.el9_8.4.x86_64.rpm SHA-256: b9ea28f824f12d705bdc7f7ba39a0b7f0caf1198bbde98d9e7842331246c60c1 vim-debuginfo-8.2.2637-26.el9_8.4.x86_64.rpm SHA-256: 2451cc5580b77a56655a4bd2e5f7302d8c06402e526580b6b777226e07cee790 vim-debuginfo-8.2.2637-26.el9_8.4.x86_64.rpm SHA-256: 2451cc5580b77a56655a4bd2e5f7302d8c06402e526580b6b777226e07cee790 vim-debugsource-8.2.2637-26.el9_8.4.x86_64.rpm SHA-256: cdd2bff57a566bfec7d729405329788d6dc85bb93dd66cdd20eaaf611d95bff5 vim-debugsource-8.2.2637-26.el9_8.4.x86_64.rpm SHA-256: cdd2bff57a566bfec7d729405329788d6dc85bb93dd66cdd20eaaf611d95bff5 vim-enhanced-8.2.2637-26.el9_8.4.x86_64.rpm SHA-256: 362e5207cd9d428aab247916272e4a6c027dca46358c6e0f149275212de573bd vim-enhanced-debuginfo-8.2.2637-26.el9_8.4.x86_64.rpm SHA-256: d6902c861e0e922b3860c3ad2c6de9c4c0e81afec25075be52baa4deb1cc64ca vim-enhanced-debuginfo-8.2.2637-26.el9_8.4.x86_64.rpm SHA-256: d6902c861e0e922b3860c3ad2c6de9c4c0e81afec25075be52baa4deb1cc64ca vim-filesystem-8.2.2637-26.el9_8.4.noarch.rpm SHA-256: 402d968594669b71bd69bb5495b3b2156d6d1b2dd5326bb181d8c27e94a724ed vim-minimal-8.2.2637-26.el9_8.4.x86_64.rpm SHA-256: 610d94b23f627501f12390dd951269baa9fc6d46d386e8e6f44d77442b0eaedc vim-minimal-debuginfo-8.2.2637-26.el9_8.4.x86_64.rpm SHA-256: afe4a06bd3a23a50a46d97f3004452fb1c654353c271c597bb7cbdcf5b8c9564 vim-minimal-debuginfo-8.2.2637-26.el9_8.4.x86_64.rpm SHA-256: afe4a06bd3a23a50a46d97f3004452fb1c654353c271c597bb7cbdcf5b8c9564 Red Hat Enterprise Linux for IBM z Systems 9 SRPM vim-8.2.2637-26.el9_8.4.src.rpm SHA-256: 7bbc28ad51c331dd56f93ebb3202708a3a6f88e3d18a9087eeb58b96cd91a6ce s390x vim-X11-8.2.2637-26.el9_8.4.s390x.rpm SHA-256: b9490f15fe7fe578372169d346526605613876e93b484ebc2383bd80399cc254 vim-X11-debuginfo-8.2.2637-26.el9_8.4.s390x.rpm SHA-256: 263b61aece49f68da55f71cdc68749820459aa8031915caab9ad9889151c4e68 vim-X11-debuginfo-8.2.2637-26.el9_8.4.s390x.rpm SHA-256: 263b61aece49f68da55f71cdc68749820459aa8031915caab9ad9889151c4e68 vim-common-8.2.2637-26.el9_8.4.s390x.rpm SHA-256: d0752d9d98d9b505adeb0d26ee0d578cacafe67db8b7fdf1f3aaf8b79dd04598 vim-common-debuginfo-8.2.2637-26.el9_8.4.s390x.rpm SHA-256: fbe364dbd70b8ce9957336c96c9de0508a6ff63ec3aa54623498327b2713d42b vim-common-debuginfo-8.2.2637-26.el9_8.4.s390x.rpm SHA-256: fbe364dbd70b8ce9957336c96c9de0508a6ff63ec3aa54623498327b2713d42b vim-debuginfo-8.2.2637-26.el9_8.4.s390x.rpm SHA-256: 02c5e8b7d34487a76b67bf2a552824a27cdf98f3ac39ea4f951b44bdf6c88be4 vim-debuginfo-8.2.2637-26.el9_8.4.s390x.rpm SHA-256: 02c5e8b7d34487a76b67bf2a552824a27cdf98f3ac39ea4f951b44bdf6c88be4 vim-debugsource-8.2.2637-26.el9_8.4.s390x.rpm SHA-256: 27a77d3b79e89cc3051a5d6b18fb8ac4540f22614402d70c85aada94e7009c04 vim-debugsource-8.2.2637-26.el9_8.4.s390x.rpm SHA-256: 27a77d3b79e89cc3051a5d6b18fb8ac4540f22614402d70c85aada94e7009c04 vim-enhanced-8.2.2637-26.el9_8.4.s390x.rpm SHA-256: 310217eee2d290412d546e5624efc31f4fb0b8e680fffe17b9250b490e9e088c vim-enhanced-debuginfo-8.2.2637-26.el9_8.4.s390x.rpm SHA-256: 1fa3b6558f8e2d09d83767adde7d0bd8d86300eb9f3cd9d1fcac7e7f9a3a7ab5 vim-enhanced-debuginfo-8.2.2637-26.el9_8.4.s390x.rpm SHA-256: 1fa3b6558f8e2d09d83767adde7d0bd8d86300eb9f3cd9d1fcac7e7f9a3a7ab5 vim-filesystem-8.2.2637-26.el9_8.4.noarch.rpm SHA-256: 402d968594669b71bd69bb5495b3b2156d6d1b2dd5326bb181d8c27e94a724ed vim-minimal-8.2.2637-26.el9_8.4.s390x.rpm SHA-256: 3e8657a0060fc97044c6d43b340f52828289b6c3d8f050cb5b24adb5b36f11fa vim-minimal-debuginfo-8.2.2637-26.el9_8.4.s390x.rpm SHA-256: c0ce5b58f99af437c6e9d20e831a8925bc0bea6ae3a1881486119fc5eee381d9 vim-minimal-debuginfo-8.2.2637-26.el9_8.4.s390x.rpm SHA-256: c0ce5b58f99af437c6e9d20e831a8925bc0bea6ae3a1881486119fc5eee381d9 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 SRPM vim-8.2.2637-26.el9_8.4.src.rpm SHA-256: 7bbc28ad51c331dd56f93ebb3202708a3a6f88e3d18a9087eeb58b96cd91a6ce s390x vim-X11-8.2.2637-26.el9_8.4.s390x.rpm SHA-256: b9490f15fe7fe578372169d346526605613876e93b484ebc2383bd80399cc254 vim-X11-debuginfo-8.2.2637-26.el9_8.4.s390x.rpm SHA-256: 263b61aece49f68da55f71cdc68749820459aa8031915caab9ad9889151c4e68 vim-X11-debuginfo-8.2.2637-26.el9_8.4.s390x.rpm SHA-256: 263b61aece49f68da55f71cdc68749820459aa8031915caab9ad9889151c4e68 vim-common-8.2.2637-26.el9_8.4.s390x.rpm SHA-256: d0752d9d98d9b505adeb0d26ee0d