{
  "threat_severity" : "Moderate",
  "public_date" : "2026-05-15T14:57:31Z",
  "bugzilla" : {
    "description" : "vim: command injection when decompressing .tgz archives",
    "id" : "2477915",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2477915"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-78",
  "details" : [ "Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescape(tartail) without the {special} flag, allowing a crafted archive filename to trigger Vim cmdline-special expansion and execute shell commands in the user's context. This vulnerability is fixed in 9.2.0479.", "A flaw was found in Vim. When decompressing .tgz archives, the Vimuntar function builds shell commands using shellescape() without the {special} flag. This allows a specially crafted archive filename to trigger Vim cmdline-special expansion and execute arbitrary commands in the context of the current user." ],
  "statement" : "To exploit this issue, an attacker needs to convince a user to decompress a .tgz archive with a specially crafted filename. Additionally, possible arbitrary command execution is restricted to the context of the user running Vim. These conditions limit the exposure of this vulnerability and the potential of a full system compromise. Due to these reasons, this flaw has been rated with a moderate severity.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2026-06-23T00:00:00Z",
    "advisory" : "RHSA-2026:28133",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "vim-2:8.2.2637-20.el9_2.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions",
    "release_date" : "2026-06-22T00:00:00Z",
    "advisory" : "RHSA-2026:28049",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.4",
    "package" : "vim-2:8.2.2637-20.el9_4.3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-06-22T00:00:00Z",
    "advisory" : "RHSA-2026:28050",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "vim-2:8.2.2637-22.el9_6.3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Affected",
    "package_name" : "vim",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Affected",
    "package_name" : "vim",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Affected",
    "package_name" : "vim",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "vim",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "vim",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Affected",
    "package_name" : "rhcos",
    "cpe" : "cpe:/a:redhat:openshift:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-46483\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-46483\nhttps://github.com/vim/vim/commit/3fb5e58fbc63d86a3e65f1a141b0d67af2aa38a1\nhttps://github.com/vim/vim/releases/tag/v9.2.0479\nhttps://github.com/vim/vim/security/advisories/GHSA-2fpv-9ff7-xg5w" ],
  "name" : "CVE-2026-46483",
  "mitigation" : {
    "value" : "To mitigate this vulnerability, do not decompress untrusted .tgz archives with the Vimuntar command. Use 'tar -x -z -f' directly instead.",
    "lang" : "en:us"
  },
  "csaw" : false
}