CVE-2026-33412

high

Description

Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202.

References

https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33412.json

https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c

https://github.com/vim/vim/releases/tag/v9.2.0202

https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a

https://bugzilla.redhat.com/show_bug.cgi?id=2450907

https://access.redhat.com/security/cve/CVE-2026-33412

https://access.redhat.com/errata/RHSA-2026:9832

https://access.redhat.com/errata/RHSA-2026:8423

https://access.redhat.com/errata/RHSA-2026:8259

https://access.redhat.com/errata/RHSA-2026:7711

https://access.redhat.com/errata/RHSA-2026:7335

https://access.redhat.com/errata/RHSA-2026:7243

https://access.redhat.com/errata/RHSA-2026:7239

https://access.redhat.com/errata/RHSA-2026:6915

https://access.redhat.com/errata/RHSA-2026:6736

https://access.redhat.com/errata/RHSA-2026:6731

https://access.redhat.com/errata/RHSA-2026:6730

https://access.redhat.com/errata/RHSA-2026:6729

https://access.redhat.com/errata/RHSA-2026:6725

https://access.redhat.com/errata/RHSA-2026:6620

https://access.redhat.com/errata/RHSA-2026:6619

https://access.redhat.com/errata/RHSA-2026:6617

https://access.redhat.com/errata/RHSA-2026:6540

https://access.redhat.com/errata/RHSA-2026:6539

https://access.redhat.com/errata/RHSA-2026:6502

https://access.redhat.com/errata/RHSA-2026:25096

https://access.redhat.com/errata/RHSA-2026:17596

https://access.redhat.com/errata/RHSA-2026:16174

https://access.redhat.com/errata/RHSA-2026:16009

https://access.redhat.com/errata/RHSA-2026:16008

https://access.redhat.com/errata/RHSA-2026:15087

https://access.redhat.com/errata/RHSA-2026:14773

https://access.redhat.com/errata/RHSA-2026:12274

https://access.redhat.com/errata/RHSA-2026:11768

https://access.redhat.com/errata/RHSA-2026:10097

https://access.redhat.com/errata/RHSA-2026:10065

http://www.openwall.com/lists/oss-security/2026/03/19/10

Details

Source: Mitre, NVD

Published: 2026-03-24

Updated: 2026-06-30

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.3

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.0005