VDB
DEBIAN-CVE-2026-33412
DEBIAN-CVE-2026-33412
PUBLISHED
CVSS 7.300000190734863 HIGH
Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202.
Risk Scores
CVSS 3.1
7.300000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | vim | *, 2:9.0.0813-1, 2:9.0.1000-1 |
| Debian:13 | vim | 9.1.1230-2, 9.1.1385-1, 9.1.1766-1 |
| Debian:12 | vim | 9.1.2103-1, 0, 2:9.0.1378-2 |
| Debian:14 | vim | 9.2.0136-1, 9.2.0119-1, 9.1.2141-1 |
Exploit Intelligence
- glcve_test.go (github-poc)
Timeline
- Mar 24, 2026 CVE Published
- Apr 28, 2026 CVE Updated