Zero Day MonitorZDM

← Back to list

—

CVE-2026-52859EXPLOITEDPATCHED

vim · vim

Vim: Out-of-bounds Read in Terminal Screen Snapshot

Description

A vulnerability categorized as problematic has been discovered in vim up to 9.2.564. This issue affects the function update_snapshot of the file src/terminal.c of the component Command Line Handler. Executing a manipulation can lead to out-of-bounds read. This vulnerability is tracked as CVE-2026-52859. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

Affected Products

Vendor	Product	Versions
vim	vim	< 9.2.0565, < 9.2.564

References

https://github.com/vim/vim/security/advisories/GHSA-47gw-8gc3-mgcm(x_refsource_CONFIRM)
https://github.com/vim/vim/commit/63680c6d3d52477817b49cd1a66e7aabe8a7aa19(x_refsource_MISC)
https://github.com/vim/vim/releases/tag/v9.2.0565(x_refsource_MISC)

Related News (2 articles)

Tier A

Microsoft MSRC5d ago

CVE-2026-52859 Vim: Out-of-bounds Read in Terminal Screen Snapshot

→ No new info (linked only)

Tier C

VulDB6d ago

CVE-2026-52859 | vim up to 9.2.564 Command Line src/terminal.c update_snapshot out-of-bounds (GHSA-47gw-8gc3-mgcm)

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

9.2.564

CWECWE-125

PublishedJun 11, 2026

Last enriched6d agov2

Trending Score30

Source articles2

Independent2

Info Completeness8/14

Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

MEDIUMCVE-2026-52860EXP

Vim: Arbitrary Code Execution via Python Omni-Completion

NONECVE-2026-47162EXP

Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name

NONECVE-2026-52858EXP

Vim: Arbitrary Code Execution via Python Omni-Completion

NONECVE-2026-47167

Vim: Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regex

Out-of-bounds Read in Text Property Count in Vim < 9.2.0670

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 11, 2026

Discovered by ZDM

Jun 11, 2026

Actively Exploited

Jun 11, 2026

Patch Available

Jun 11, 2026

Updated: description, affectedVersions, severity, activelyExploited, patchAvailable

Jun 11, 2026

Version History

v2

Last enriched 6d ago

v2Tier C6d ago

Updated description with new details, changed severity to HIGH, and noted that the patch is available in version 9.2.564.

descriptionaffectedVersionsseverityactivelyExploitedpatchAvailable

via VulDB

v16d ago

Initial creation