{
  "threat_severity" : "Moderate",
  "public_date" : "2026-04-06T17:54:42Z",
  "bugzilla" : {
    "description" : "vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass",
    "id" : "2455542",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2455542"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-22",
  "details" : [ "Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280.", "A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or further system compromise." ],
  "statement" : "There is a flaw in the `zip.vim` plugin in Vim that allows a local attacker to overwrite arbitrary files. A user must be tricked into opening a specially crafted zip archive for exploitation, potentially compromising data integrity or the system. When successfully exploited, this vulnerability enables the attacker to overwrite arbitrary files or inject code into sensitive system locations; the impact of exploitation depends on the privileges with which the `vim` process is being executed. Sensitive or privileged files can only be overwritten if the `vim` process is being run by a highly privileged user.\nRed Hat Product Security has rated this vulnerability as having an impact of MODERATE. This decision was based on the fact that the user needs to be tricked into opening a maliciously crafted file for a successful attack to be performed. Additionally, the impact is limited to files to which the user running the `vim` process has write permissions.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Affected",
    "package_name" : "vim",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Affected",
    "package_name" : "vim",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Affected",
    "package_name" : "vim",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "vim",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "vim",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Affected",
    "package_name" : "rhcos",
    "cpe" : "cpe:/a:redhat:openshift:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-35177\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-35177\nhttps://github.com/vim/vim/security/advisories/GHSA-jc86-w7vm-8p24" ],
  "name" : "CVE-2026-35177",
  "mitigation" : {
    "value" : "Avoid opening untrusted zip archives with Vim. This operational control prevents the necessary user interaction required to trigger the path traversal vulnerability in the `zip.vim` plugin.",
    "lang" : "en:us"
  },
  "csaw" : false
}