RCE in Vim

CVE-2026-59856

Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search() patter…

Vulnerability class: RCE (Remote Code Execution)

Affected products

  • Vim — versions < 9.2.0736

Weakness classification (CWE)

References