Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-44656

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-08 May, 2026 | 22:40
Updated At-11 May, 2026 | 14:36
Rejected At-
Credits

Vim: OS Command Injection via 'path' completion

Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name completion. Because the path option lacks the P_SECURE flag, it can be set from a modeline, allowing an attacker who controls the contents of a file to execute arbitrary shell commands when the user opens that file in Vim and triggers :find completion. This issue has been patched in version 9.2.0435.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:08 May, 2026 | 22:40
Updated At:11 May, 2026 | 14:36
Rejected At:
â–¼CVE Numbering Authority (CNA)
Vim: OS Command Injection via 'path' completion

Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name completion. Because the path option lacks the P_SECURE flag, it can be set from a modeline, allowing an attacker who controls the contents of a file to execute arbitrary shell commands when the user opens that file in Vim and triggers :find completion. This issue has been patched in version 9.2.0435.

Affected Products
Vendor
Vimvim
Product
vim
Versions
Affected
  • < 9.2.0435
Problem Types
TypeCWE IDDescription
CWECWE-78CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Type: CWE
CWE ID: CWE-78
Description: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
VersionBase scoreBase severityVector
4.04.6MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Version: 4.0
Base score: 4.6
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/vim/vim/security/advisories/GHSA-hwg5-3cxw-wvvg
x_refsource_CONFIRM
https://github.com/vim/vim/commit/190cb3c2b9c769a3972bcfd991a7b5b6cb771ef0
x_refsource_MISC
https://github.com/vim/vim/releases/tag/v9.2.0435
x_refsource_MISC
Hyperlink: https://github.com/vim/vim/security/advisories/GHSA-hwg5-3cxw-wvvg
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/vim/vim/commit/190cb3c2b9c769a3972bcfd991a7b5b6cb771ef0
Resource:
x_refsource_MISC
Hyperlink: https://github.com/vim/vim/releases/tag/v9.2.0435
Resource:
x_refsource_MISC
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:08 May, 2026 | 23:16
Updated At:14 May, 2026 | 13:59

Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name completion. Because the path option lacks the P_SECURE flag, it can be set from a modeline, allowing an attacker who controls the contents of a file to execute arbitrary shell commands when the user opens that file in Vim and triggers :find completion. This issue has been patched in version 9.2.0435.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.04.6MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.15.3MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Type: Secondary
Version: 4.0
Base score: 4.6
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CPE Matches

Vim
vim
>>vim>>Versions before 9.2.0435(exclusive)
cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78Primarysecurity-advisories@github.com
CWE ID: CWE-78
Type: Primary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/vim/vim/commit/190cb3c2b9c769a3972bcfd991a7b5b6cb771ef0security-advisories@github.com
Patch
https://github.com/vim/vim/releases/tag/v9.2.0435security-advisories@github.com
Product
https://github.com/vim/vim/security/advisories/GHSA-hwg5-3cxw-wvvgsecurity-advisories@github.com
Patch
Vendor Advisory
Hyperlink: https://github.com/vim/vim/commit/190cb3c2b9c769a3972bcfd991a7b5b6cb771ef0
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/vim/vim/releases/tag/v9.2.0435
Source: security-advisories@github.com
Resource:
Product
Hyperlink: https://github.com/vim/vim/security/advisories/GHSA-hwg5-3cxw-wvvg
Source: security-advisories@github.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

18Records found

CVE-2026-47167
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.14% / 3.32%
||
7 Day CHG~0.00%
Published-11 Jun, 2026 | 18:31
Updated-15 Jun, 2026 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vim: Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regex

Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch() in the cucumber filetype plugin (runtime/ftplugin/cucumber.vim) on Vim builds with +ruby support. Step-definition patterns read from .rb files under the repository's features/*/ or stories/*/ directories are embedded into a Ruby Kernel.eval argument without sufficient escaping, allowing a crafted pattern in an attacker-controlled repository to execute arbitrary Ruby (and through it arbitrary shell commands) when the user invokes a step-jump mapping ([d, ]d). This issue has been patched in version 9.2.0496.

Action-Not Available
Vendor-Vim
Product-vimvim
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CVE-2026-32249
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 3.20%
||
7 Day CHG~0.00%
Published-12 Mar, 2026 | 19:17
Updated-18 Mar, 2026 | 11:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NFA regex engine NULL pointer dereference affects Vim < 9.2.0137

Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range (e.g. [0-0\u05bb]), incorrectly emits the composing bytes of that character as separate NFA states. This corrupts the NFA postfix stack, resulting in NFA_START_COLL having a NULL out1 pointer. When nfa_max_width() subsequently traverses the compiled NFA to estimate match width for the look-behind assertion, it dereferences state->out1->out without a NULL check, causing a segmentation fault. This vulnerability is fixed in 9.2.0137.

Action-Not Available
Vendor-Vim
Product-vimvim
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-28419
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 6.42%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 22:02
Updated-04 Mar, 2026 | 21:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vim has Heap-based Buffer Underflow in Emacs tags parsing

Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory immediately preceding the allocated buffer. Version 9.2.0075 fixes the issue.

Action-Not Available
Vendor-Vim
Product-vimvim
CWE ID-CWE-124
Buffer Underwrite ('Buffer Underflow')
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-28421
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 7.43%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 22:06
Updated-28 May, 2026 | 13:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vim has a heap-buffer-overflow and a segmentation fault

Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (SEGV) exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.0077 fixes the issue.

Action-Not Available
Vendor-Vim
Product-vimvim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-20
Improper Input Validation
CVE-2024-41957
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-4.5||MEDIUM
EPSS-0.36% / 28.32%
||
7 Day CHG~0.00%
Published-01 Aug, 2024 | 21:41
Updated-04 Nov, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vim double free in src/alloc.c:616

Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags, but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647

Action-Not Available
Vendor-Vim
Product-vimvim
CWE ID-CWE-415
Double Free
CVE-2019-12735
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.6||HIGH
EPSS-19.11% / 96.98%
||
7 Day CHG~0.00%
Published-05 Jun, 2019 | 13:07
Updated-11 Nov, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.

Action-Not Available
Vendor-neovimn/aVim
Product-vimneovimn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2008-6235
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-2.99% / 85.66%
||
7 Day CHG~0.00%
Published-21 Feb, 2009 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) "D" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases.

Action-Not Available
Vendor-n/aVim
Product-vimn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-55895
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.7||MEDIUM
EPSS-0.15% / 4.96%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 15:31
Updated-26 Jun, 2026 | 05:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vim: Vimscript Code Injection in netrw NetrwLocalRmFile() via crafted filename

Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile() in the netrw plugin (runtime/pack/dist/opt/netrw/autoload/netrw.vim) when deleting a local file from the browser. A filename derived from the buffer's directory listing is interpolated into an Ex command line passed to :execute with only the backslash character escaped, allowing a crafted filename containing a bar (|) to terminate the intended command and execute arbitrary Vimscript, including shell commands via :call system() and :!. This vulnerability is fixed in 9.2.0663.

Action-Not Available
Vendor-Vim
Product-vimvim
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-46483
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-3.6||LOW
EPSS-0.55% / 42.09%
||
7 Day CHG~0.00%
Published-15 May, 2026 | 14:57
Updated-19 May, 2026 | 12:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vim: Command injection in tar#Vimuntar via missing shellescape {special} flag

Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescape(tartail) without the {special} flag, allowing a crafted archive filename to trigger Vim cmdline-special expansion and execute shell commands in the user's context. This vulnerability is fixed in 9.2.0479.

Action-Not Available
Vendor-Vim
Product-vimvim
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2026-42307
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.77% / 51.24%
||
7 Day CHG~0.00%
Published-08 May, 2026 | 22:38
Updated-14 May, 2026 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vim: OS Command Injection in netrw

Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the sftp:// or file:// protocol handlers), an attacker can execute arbitrary shell commands with the privileges of the Vim process. This issue has been patched in version 9.2.0383.

Action-Not Available
Vendor-Vim
Product-vimvim
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-41411
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.50% / 39.17%
||
7 Day CHG~0.00%
Published-24 Apr, 2026 | 16:51
Updated-28 Apr, 2026 | 12:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vim: Command injection via backtick expansion in tag filenames

Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filename field contains backtick syntax (e.g., `command`), Vim executes the embedded command via the system shell with the full privileges of the running user.

Action-Not Available
Vendor-Vim
Product-vimvim
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-34714
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.2||CRITICAL
EPSS-0.59% / 43.80%
||
7 Day CHG+0.05%
Published-30 Mar, 2026 | 18:27
Updated-30 Jun, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.

Action-Not Available
Vendor-VimRed Hat, Inc.
Product-vimVimRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2026-34982
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.47% / 37.30%
||
7 Day CHG+0.05%
Published-06 Apr, 2026 | 15:16
Updated-02 Jul, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vim modeline bypass via various options affects Vim < 9.2.0276

Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue.

Action-Not Available
Vendor-VimRed Hat, Inc.
Product-vimvimRed Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream (v. 10)Red Hat AI Inference Server 3.3Red Hat Enterprise Linux BaseOS E4S (v.9.2)Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)Red Hat Enterprise Linux BaseOS (v. 10)Red Hat Enterprise Linux BaseOS E4S (v.9.4)Red Hat Enterprise Linux AppStream E4S (v.9.4)Red Hat Enterprise Linux BaseOS EUS (v.9.6)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux BaseOS (v. 8)Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)Red Hat Enterprise Linux BaseOS TUS (v.8.8)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux BaseOS (v. 9)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux BaseOS EUS (v. 10.0)Red Hat Enterprise Linux BaseOS E4S (v.8.8)Red Hat Insights proxy 1.5Red Hat Update Infrastructure 5Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux BaseOS AUS (v.8.4)Red Hat Enterprise Linux BaseOS AUS (v.8.6)Red Hat OpenShift Container Platform 4
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-33412
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.6||MEDIUM
EPSS-0.83% / 53.21%
||
7 Day CHG+0.10%
Published-24 Mar, 2026 | 19:43
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vim affected by Command injection via newline in glob()

Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202.

Action-Not Available
Vendor-VimRed Hat, Inc.
Product-vimvimRed Hat Enterprise Linux BaseOS AUS (v.8.6)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux BaseOS E4S (v.8.6)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat AI Inference Server 3.2Red Hat Enterprise Linux BaseOS E4S (v.8.8)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux BaseOS AUS (v. 8.2)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux AppStream (v. 10)Red Hat OpenShift Container Platform 4.12Red Hat Enterprise Linux BaseOS (v. 10)Red Hat OpenShift Container Platform 4.14Red Hat Update Infrastructure 5Red Hat Enterprise Linux BaseOS AUS (v.8.4)Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat OpenShift Container Platform 4.17Red Hat OpenShift Container Platform 4.13Red Hat Enterprise Linux BaseOS E4S (v.9.2)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux BaseOS EUS (v.9.4)Red Hat Insights proxy 1.5Red Hat OpenShift Container Platform 4.19Red Hat Enterprise Linux BaseOS (v. 8)Red Hat OpenShift Container Platform 4.18Red Hat OpenShift Container Platform 4.16Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream E4S (v.9.0)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux BaseOS TUS (v.8.8)Red Hat Enterprise Linux BaseOS E4S (v.9.0)Red Hat OpenShift Container Platform 4.15Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream AUS (v. 8.2)Red Hat Enterprise Linux BaseOS EUS (v. 10.0)Red Hat Enterprise Linux BaseOS (v. 9)Red Hat Enterprise Linux BaseOS TUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux BaseOS EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux Server -EXTENSION(v. 6 ELS-EXTENSION)Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)Red Hat AI Inference Server 3.3
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-28417
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-4.4||MEDIUM
EPSS-1.16% / 63.36%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 21:54
Updated-28 May, 2026 | 13:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vim has OS Command Injection in netrw

Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol handler), an attacker can execute arbitrary shell commands with the privileges of the Vim process. Version 9.2.0073 fixes the issue.

Action-Not Available
Vendor-Vim
Product-vimvim
CWE ID-CWE-86
Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2008-3076
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-9.02% / 94.65%
||
7 Day CHG~0.00%
Published-21 Feb, 2009 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.

Action-Not Available
Vendor-n/aVim
Product-vimn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2008-3074
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-3.84% / 88.84%
||
7 Day CHG~0.00%
Published-21 Feb, 2009 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.

Action-Not Available
Vendor-n/aVim
Product-tar.vimvimn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-20807
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.49% / 38.48%
||
7 Day CHG~0.00%
Published-28 May, 2020 | 13:05
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).

Action-Not Available
Vendor-starwindsoftwaren/aopenSUSECanonical Ltd.VimDebian GNU/LinuxApple Inc.
Product-ubuntu_linuxdebian_linuxcommand_centervimmac_os_xsan_\&_nasleapn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Details not found