RCE in Vim

CVE-2026-59858

Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pa…

Vulnerability class: RCE (Remote Code Execution)

Affected products

  • Vim — versions < 9.2.0735

Weakness classification (CWE)

References