id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
5947	vim-9.2.0597 (Security Update)	Douglas R. Reno	lfs-book	"This fixes another arbitrary code execution issue in the Python omni-completion functionality:

{{{
Arbitrary Code Execution via Python Omni-Completion in Vim < 9.2.597
====================================================================

Date: 2026-06-04
Severity: Medium
CVE: *requested, not yet assigned*
CWE: Improper Control of Generation of Code (CWE-94)

## Summary

Vim's Python omni-completion executes reconstructed function and class
definitions from the current buffer with `exec()` as part of populating
the completion dictionary. Python evaluates function default values,
parameter annotations, and class base expressions at definition time,
so a hostile buffer can execute attacker-controlled Python expressions
during omni-completion. The existing `g:pythoncomplete_allow_import`
mitigation (GHSA-52mc-rq6p-rc7c) does not cover this path, because the
attacker-controlled code is not a harvested `import`/`from` statement.

## Description

In `runtime/autoload/python3complete.vim` (and the legacy
`pythoncomplete.vim`), the omni-completion entry point calls
`exec(src, self.compldict)` on source reconstructed from the parsed
buffer. The reconstructed source includes function definitions whose
parameter lists are joined verbatim from tokens harvested by the
internal `_parenparse()` helper, which preserves default expressions
and annotations as written in the buffer. The same applies to class
base lists. When `exec()` runs the reconstructed `def` and `class`
statements, Python evaluates those expressions.

## Impact

An attacker who can convince a user to open or edit a hostile Python
buffer and trigger Python omni-completion (CTRL-X CTRL-O, or a plugin
that invokes the completion function) can execute Python code in the
user's Vim process. The code runs with the user's privileges.

Vim built without `+python3` and `+python` is not affected. Triggering
omni-completion in the hostile buffer is required; opening the file
alone is not sufficient.
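Added illustration, not part of the Vim advisory and not the upstream fix: a small Python reproduction of the definition-time evaluation described above, beside a sanitized reconstruction that keeps only what completion needs. The buffer text, the names `reconstruct_unsafe`/`reconstruct_safe`, and the use of `ast.unparse` to stand in for the verbatim token join of `_parenparse()` are assumptions of this example. Every marker the hostile expressions plant is written through `globals()`, which under `exec(src, ns)` is the dict `ns` itself, so the demonstration touches nothing outside the process.

```python
import ast
import inspect

# Constructed hostile buffer (an assumption of this example, not from the
# advisory). Each definition-time expression plants a marker via globals(),
# which inside exec(src, ns) is the namespace dict ns itself. A real attacker
# would put something far less polite in the same positions.
HOSTILE_BUFFER = '''
def f(x=globals().__setitem__('default_ran', True)):
    return x

def g(y: globals().__setitem__('annotation_ran', __import__('os').name)) -> None:
    return y

class Hostile(globals().__setitem__('base_ran', True) or object):
    pass
'''

DEFS = (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)


def reconstruct_unsafe(source):
    # The vulnerable pattern: rebuild each top-level def/class with its
    # parameter list and base list exactly as written in the buffer.
    # ast.unparse stands in for the verbatim token join of _parenparse().
    tree = ast.parse(source)          # parsing alone executes nothing
    stubs = []
    for node in tree.body:
        if isinstance(node, DEFS):
            node.body = [ast.Pass()]
            stubs.append(ast.unparse(node))
    return '\n'.join(stubs)


def _sanitize(node):
    # Strip everything Python evaluates when a def/class statement runs.
    node.body = [ast.Pass()]
    node.decorator_list = []               # decorators run at definition time
    if isinstance(node, ast.ClassDef):
        node.bases = []                    # base expressions are evaluated
        node.keywords = []                 # so is metaclass=... and friends
        return node
    node.returns = None                    # return annotation
    a = node.args
    for arg in a.posonlyargs + a.args + a.kwonlyargs + [a.vararg, a.kwarg]:
        if arg is not None:
            arg.annotation = None          # parameter annotations
    a.defaults = [ast.Constant(None) for _ in a.defaults]
    a.kw_defaults = [None if d is None else ast.Constant(None)
                     for d in a.kw_defaults]
    return node


def reconstruct_safe(source):
    # Same output shape as reconstruct_unsafe, but only the names and
    # parameter names survive; no attacker expression reaches exec().
    tree = ast.parse(source)
    return '\n'.join(ast.unparse(_sanitize(n)) for n in tree.body
                     if isinstance(n, DEFS))


def build_compldict(source, reconstruct):
    # Mirrors exec(src, self.compldict): the namespace is the completion dict.
    ns = {}
    exec(reconstruct(source), ns)
    return ns


def planted_markers(ns):
    # Keys the hostile buffer managed to write into the completion dict.
    return sorted(k for k in ns if k.endswith('_ran'))


def param_names(ns):
    # What completion actually needs: the callables and their parameter names.
    return {name: list(inspect.signature(ns[name]).parameters)
            for name in ('f', 'g') if name in ns}


if __name__ == '__main__':
    unsafe = build_compldict(HOSTILE_BUFFER, reconstruct_unsafe)
    safe = build_compldict(HOSTILE_BUFFER, reconstruct_safe)
    print('verbatim  :', planted_markers(unsafe), param_names(unsafe))
    print('sanitized :', planted_markers(safe), param_names(safe))
```

Run stand-alone, the verbatim path leaves `default_ran`, `annotation_ran` and `base_ran` in the completion dict; `annotation_ran` is set through `__import__` with no `import` or `from` statement anywhere in the buffer, which is exactly why the `g:pythoncomplete_allow_import` filter from GHSA-52mc-rq6p-rc7c does not cover this path. The sanitized path yields the same callables with the same parameter names and plants nothing. Two caveats: this sanitizer only handles top-level definitions (bodies, and any definitions nested in them, are discarded), and it is a mitigation of this example rather than the upstream change, which is the linked commit.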

## Acknowledgements

The Vim project would like to thank GitHub user DavidCarliez for
reporting and analyzing the issue.

## References

The issue has been fixed as of Vim patch [v9.2.597](https://github.com/vim/vim/releases/tag/v9.2.0597).
- [Commit](https://github.com/vim/vim/commit/c8c63673bc4253212820626aeeb75999d9a539d2)
- [GitHub Security Advisory](https://github.com/vim/vim/security/advisories/GHSA-65p9-mwwx-7468)
- [GitHub Security Advisory GHSA-52mc-rq6p-rc7c](https://github.com/vim/vim/security/advisories/GHSA-52mc-rq6p-rc7c)
  (prior mitigation for the same surface)
}}}"	enhancement	new	high	13.1	Book	git	normal			
