Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202.
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33412.json
https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c
https://github.com/vim/vim/releases/tag/v9.2.0202
https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a
https://bugzilla.redhat.com/show_bug.cgi?id=2450907
https://access.redhat.com/security/cve/CVE-2026-33412
https://access.redhat.com/errata/RHSA-2026:9832
https://access.redhat.com/errata/RHSA-2026:8423
https://access.redhat.com/errata/RHSA-2026:8259
https://access.redhat.com/errata/RHSA-2026:7711
https://access.redhat.com/errata/RHSA-2026:7335
https://access.redhat.com/errata/RHSA-2026:7243
https://access.redhat.com/errata/RHSA-2026:7239
https://access.redhat.com/errata/RHSA-2026:6915
https://access.redhat.com/errata/RHSA-2026:6736
https://access.redhat.com/errata/RHSA-2026:6731
https://access.redhat.com/errata/RHSA-2026:6730
https://access.redhat.com/errata/RHSA-2026:6729
https://access.redhat.com/errata/RHSA-2026:6725
https://access.redhat.com/errata/RHSA-2026:6620
https://access.redhat.com/errata/RHSA-2026:6619
https://access.redhat.com/errata/RHSA-2026:6617
https://access.redhat.com/errata/RHSA-2026:6540
https://access.redhat.com/errata/RHSA-2026:6539
https://access.redhat.com/errata/RHSA-2026:6502
https://access.redhat.com/errata/RHSA-2026:25096
https://access.redhat.com/errata/RHSA-2026:17596
https://access.redhat.com/errata/RHSA-2026:16174
https://access.redhat.com/errata/RHSA-2026:16009
https://access.redhat.com/errata/RHSA-2026:16008
https://access.redhat.com/errata/RHSA-2026:15087
https://access.redhat.com/errata/RHSA-2026:14773
https://access.redhat.com/errata/RHSA-2026:12274
https://access.redhat.com/errata/RHSA-2026:11768
https://access.redhat.com/errata/RHSA-2026:10097