VDB
CVE-2026-39881
CVE-2026-39881
PUBLISHED
CVSS 5 MEDIUM
Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol messages. This vulnerability is fixed in 9.2.0316.
EPSS 0.01% · 0.9th percentile
Risk Scores
CVSS 3.1
5
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:N
EPSS Score
0.01%
0.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| vim | vim | < 9.2.0316 |
Timeline
- Apr 8, 2026 CVE Published
- Apr 9, 2026 CVE Updated
- Apr 11, 2026 EPSS Score
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
- May 26, 2026 EPSS Score