CVE-2026-35177
đļ mediumSummary
Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280.
CVSS Score
4.1
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2026-04-06
First Seen: 2026-04-07
đ Relative Risk Intelligence
This CVE is Lower Risk - more severe than 5.2% of all 329,456 vulnerabilities in our database.
#312,168
Below average severity
Severity Percentile
đ¯ CISA SSVC Assessment Updated: Apr 7, 2026
đ Exploitation Status
None
No known exploits
âī¸ Automatable
NO
Requires human interaction
đĨ Technical Impact
Partial
Limited system impact
SSVC data provided by
CISA
Last Modified
2026-04-20
Source
NVD đ
CVSS Vector 3.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L
CWE IDs (Weakness Types)