VDB

DEBIAN-CVE-2026-33412

DEBIAN-CVE-2026-33412 PUBLISHED CVSS 7.300000190734863 HIGH

Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202.

Risk Scores

CVSS 3.1
7.300000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Debian:11vim*, 2:9.0.0813-1, 2:9.0.1000-1
Debian:13vim9.1.1230-2, 9.1.1385-1, 9.1.1766-1
Debian:12vim9.1.2103-1, 0, 2:9.0.1378-2
Debian:14vim9.2.0136-1, 9.2.0119-1, 9.1.2141-1

Exploit Intelligence

Timeline

  • Mar 24, 2026 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›