VDB

CVE-2026-39881

CVE-2026-39881 PUBLISHED CVSS 5 MEDIUM

Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol messages. This vulnerability is fixed in 9.2.0316.

EPSS 0.01% · 0.9th percentile

Risk Scores

CVSS 3.1
5
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:N
EPSS Score
0.01%
0.9th percentile

Affected Products

VendorProductVersions
vimvim< 9.2.0316

Timeline

  • Apr 8, 2026 CVE Published
  • Apr 9, 2026 CVE Updated
  • Apr 11, 2026 EPSS Score
  • May 18, 2026 EPSS Score
  • May 19, 2026 EPSS Score
  • May 20, 2026 EPSS Score
  • May 21, 2026 EPSS Score
  • May 22, 2026 EPSS Score
  • May 23, 2026 EPSS Score
  • May 24, 2026 EPSS Score
  • May 25, 2026 EPSS Score
  • May 26, 2026 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›