VDB
DEBIAN-CVE-2026-39881
DEBIAN-CVE-2026-39881
PUBLISHED
CVSS 7.800000190734863 HIGH
Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol messages. This vulnerability is fixed in 9.2.0316.
Risk Scores
CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | vim | 0, 2:9.1.1230-2, 2:9.1.1385-1 |
| Debian:13 | vim | 9.2.0218-1, 9.2.0315-1, 0 |
| Debian:11 | vim | 9.2.0355-1, *, * |
| Debian:12 | vim | 2:9.0.1378-2, 2:9.0.1378-2+deb12u1, 2:9.0.1378-2+deb12u2 |
Timeline
- Apr 8, 2026 CVE Published
- Apr 28, 2026 CVE Updated