oM noM Security Feeds cve
vulnerability context

CVE-2026-35177

CVSS 4.1 MEDIUMEPSS 2.6%CWE-22OTX 17 pulses

Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280.

Published 2026-04-06 · last modified 2026-06-17

details

CISA KEV status
Not in catalog
CVSS v3
4.1 / MEDIUM
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L
EPSS
2.6% percentile (score 0.0013)
CWE
CWE-22
OTX pulses
17 total, 0 recent

source mentions 2

source consensus

  • Ubuntu Security Notices
  • MSRC Update Guide
Want the 3-bullet summary of CVE-2026-35177, plus webhook alerts when KEV is updated? Pro is $10/mo.