Detections
Analytics

Alpine: gvim, multiple vim packages, xxd: security update to 9.2.0498-r0

high Tenable Cloud Security Plugin ID 443106

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

 - Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion
 script in python3complete.vim for Vim with the +python3 interpreter enabled (and the legacy
 pythoncomplete.vim for builds with the +python interpreter) executes the import and from statements found
 in the current buffer through Python's import machinery. Because the buffer's working directory is on
 sys.path, opening a hostile .py file with a sibling Python package and invoking omni-completion runs that
 package's top-level code as the editing user. This issue has been patched in version 9.2.0561.
 (CVE-2026-52858)

Solution

Update the gvim library and its related packages to version 9.2.0498-r0 or later.

See Also

https://security.alpinelinux.org/vuln/CVE-2026-52858

Plugin Details

Severity: High

ID: 443106

Version: Revision 1.4

Type: Local

Published: 6/12/2026

Updated: 6/16/2026

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-52858

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 7.3

Threat Score: 4.4

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 6/11/2026

Reference Information

CVE: CVE-2026-52858