{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-34714/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2026-34714","code-execution","vim","injection"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eVim, a widely used text editor, is susceptible to a critical vulnerability (CVE-2026-34714) affecting versions prior to 9.2.0272. This flaw allows for arbitrary code execution simply by opening a malicious file. The vulnerability stems from a %{expr} injection vulnerability within the tabpanel component, specifically when it lacks the P_MLE protection. The default configuration of Vim is susceptible, amplifying the risk. An attacker can craft a Vim file that, when opened, will trigger the…\u003c/p\u003e\n","date_modified":"2026-03-30T19:16:26Z","date_published":"2026-03-30T19:16:26Z","id":"/briefs/2026-03-vim-code-exec/","summary":"Vim versions before 9.2.0272 allow code execution upon opening a specially crafted file due to %{expr} injection in tabpanel lacking P_MLE in the default configuration, potentially leading to arbitrary code execution.","title":"Vim Code Execution Vulnerability via Crafted Files (CVE-2026-34714)","url":"https://feed.craftedsignal.io/briefs/2026-03-vim-code-exec/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-34714","version":"https://jsonfeed.org/version/1.1"}