{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-57453", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-06-24T13:21:20.730Z", "datePublished": "2026-06-25T15:26:48.854Z", "dateUpdated": "2026-06-26T16:01:15.560Z"}, "containers": {"cna": {"title": "Vim: PowerShell Command Injection via Unescaped Filename in zip.vim Extraction", "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "lang": "en", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/vim/vim/security/advisories/GHSA-x5fg-h5w9-9frf", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/vim/vim/security/advisories/GHSA-x5fg-h5w9-9frf"}, {"name": "https://github.com/vim/vim/commit/b2cc9be119d51212bf0d3f2a99", "tags": ["x_refsource_MISC"], "url": "https://github.com/vim/vim/commit/b2cc9be119d51212bf0d3f2a99"}, {"name": "https://github.com/vim/vim/releases/tag/v9.2.0678", "tags": ["x_refsource_MISC"], "url": "https://github.com/vim/vim/releases/tag/v9.2.0678"}], "affected": [{"vendor": "vim", "product": "vim", "versions": [{"version": ">= 9.1.1784, < 9.2.0678", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-06-25T15:26:48.854Z"}, "descriptions": [{"lang": "en", "value": "Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim falls back to PowerShell to browse, read, extract, update or delete entries in a zip archive, it builds the PowerShell command by inserting archive entry names that are quoted only for the shell, not for PowerShell. A crafted entry name can break out of the intended string context and cause PowerShell to execute arbitrary commands with the privileges of the user running Vim, triggered by opening, viewing or extracting the archive. This vulnerability is fixed in 9.2.0678."}], "source": {"advisory": "GHSA-x5fg-h5w9-9frf", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-26T03:55:57.010270Z", "id": "CVE-2026-57453", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-26T16:01:15.560Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-57453", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-06-26T03:55:57.010270Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-26T15:57:04.006Z"}}], "cna": {"title": "Vim: PowerShell Command Injection via Unescaped Filename in zip.vim Extraction", "source": {"advisory": "GHSA-x5fg-h5w9-9frf", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "vim", "product": "vim", "versions": [{"status": "affected", "version": ">= 9.1.1784, < 9.2.0678"}]}], "references": [{"url": "https://github.com/vim/vim/security/advisories/GHSA-x5fg-h5w9-9frf", "name": "https://github.com/vim/vim/security/advisories/GHSA-x5fg-h5w9-9frf", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/vim/vim/commit/b2cc9be119d51212bf0d3f2a99", "name": "https://github.com/vim/vim/commit/b2cc9be119d51212bf0d3f2a99", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/vim/vim/releases/tag/v9.2.0678", "name": "https://github.com/vim/vim/releases/tag/v9.2.0678", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim falls back to PowerShell to browse, read, extract, update or delete entries in a zip archive, it builds the PowerShell command by inserting archive entry names that are quoted only for the shell, not for PowerShell. A crafted entry name can break out of the intended string context and cause PowerShell to execute arbitrary commands with the privileges of the user running Vim, triggered by opening, viewing or extracting the archive. This vulnerability is fixed in 9.2.0678."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-06-25T15:26:48.854Z"}}}, "cveMetadata": {"cveId": "CVE-2026-57453", "state": "PUBLISHED", "dateUpdated": "2026-06-26T16:01:15.560Z", "dateReserved": "2026-06-24T13:21:20.730Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-06-25T15:26:48.854Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{}

{"bugzilla": {"description": "vim: Vim: Arbitrary code execution via crafted zip archive entry names", "id": "2492967", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492967"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L", "status": "draft"}, "cwe": "CWE-78", "details": ["Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim falls back to PowerShell to browse, read, extract, update or delete entries in a zip archive, it builds the PowerShell command by inserting archive entry names that are quoted only for the shell, not for PowerShell. A crafted entry name can break out of the intended string context and cause PowerShell to execute arbitrary commands with the privileges of the user running Vim, triggered by opening, viewing or extracting the archive. This vulnerability is fixed in 9.2.0678.", "A security vulnerability exists in the Vim text editor. If a user opens a specially crafted ZIP file in Vim, it can trick the application into running hidden, harmful commands on their computer. This specific issue is only triggered if Vim relies on PowerShell to open the ZIP file."], "name": "CVE-2026-57453", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-06-25T15:26:48Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-57453\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-57453\nhttps://github.com/vim/vim/commit/b2cc9be119d51212bf0d3f2a99\nhttps://github.com/vim/vim/releases/tag/v9.2.0678\nhttps://github.com/vim/vim/security/advisories/GHSA-x5fg-h5w9-9frf"], "statement": "This vulnerability was introduced in Vim version 9.1.1784. Because Red Hat products do not ship this version, they are unaffected.", "threat_severity": "Moderate"}