CVE Catalog

CVE-2026-47167

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

18th percentile — higher than 18% of all known CVEs

Summary

In the Vim text editor prior to version 9.2.0496, a code injection vulnerability exists in the s:stepmatch() function of the cucumber filetype plugin. Step-definition patterns read from .rb files can be exploited to execute arbitrary Ruby commands, posing a risk of executing malicious code.

Risk Assessment

This vulnerability allows attackers to execute arbitrary commands on the system, potentially leading to severe security breaches and data loss within the organization.

Recommendation

It is recommended to update Vim to version 9.2.0496 or later to mitigate this vulnerability. Additionally, avoid using untrusted repositories containing .rb files.

Original NVD description (English source)

Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch() in the cucumber filetype plugin (runtime/ftplugin/cucumber.vim) on Vim builds with +ruby support. Step-definition patterns read from .rb files under the repository's features/*/ or stories/*/ directories are embedded into a Ruby Kernel.eval argument without sufficient escaping, allowing a crafted pattern in an attacker-controlled repository to execute arbitrary Ruby (and through it arbitrary shell commands) when the user invokes a step-jump mapping ([d, ]d). This issue has been patched in version 9.2.0496.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS