Hirohito Higashi discovered that Vim incorrectly escaped class or trait names when performing PHP omni-completion. An attacker could possibly use this issue to trick a user into opening a specially crafted PHP file and executing arbitrary commands. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 26.04 LTS. (CVE-2026-59856)
Hirohito Higashi discovered that Vim incorrectly handled sound-folding of certain words when using a spell file. An attacker could possibly use this issue to cause Vim to crash, resulting in a denial of service. (CVE-2026-59857)
It was discovered that Vim incorrectly escaped certain tags file fields when performing C omni-completion. An attacker could possibly use this issue to trick a user into opening a specially crafted file and executing arbitrary commands. (CVE-2026-59858)
2:8.2.3995-1ubuntu2.342:9.1.0016-1ubuntu7.182:9.1.2141-1ubuntu4.72:7.4.052-1ubuntu3.1+esm312:7.4.1689-3ubuntu1.5+esm372:8.0.1453-1ubuntu1.13+esm222:8.1.2269-1ubuntu5.32+esm10