Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filename field contains backtick syntax (e.g., `command`), Vim executes the embedded command via the system shell with the full privileges of the running user.

amazon_alas ALAS2023-2026-1667: Amazon Linux 2023 Security Advisory:ALAS2023-2026-1667

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3292 advisory.

    Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability     exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed     through wildcard expansion to resolve environment variables and wildcards. If the filename field contains     backtick syntax (e.g., `command`), Vim executes the embedded command via the system shell with the full     privileges of the running user. (CVE-2026-41411)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8246-1 advisory.

    Micha Majchrowicz discovered that Vims zip plugin could overwrite arbitrary files. An attacker could     possibly use this issue to delete sensitive data or execute arbitrary code. This issue only affected     Ubuntu 26.04 LTS. (CVE-2026-35177)

    It was discovered that Vims netbeans interface did not properly sanitize certain strings. An attacker     could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 26.04 LTS.
    (CVE-2026-39881)

    It was discovered that Vim did not properly handle backticks in tag filenames. An attacker could possibly     use this issue to execute arbitrary commands. (CVE-2026-41411)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability     exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed     through wildcard expansion to resolve environment variables and wildcards. If the filename field contains     backtick syntax (e.g., `command`), Vim executes the embedded command via the system shell with the full     privileges of the running user. (CVE-2026-41411)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
314581	Amazon Linux 2 : vim, --advisory ALAS2-2026-3292 (ALAS-2026-3292)	Nessus	Amazon Linux Local Security Checks	medium
314213	Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Vim vulnerabilities (USN-8246-1)	Nessus	Ubuntu Local Security Checks	high
310517	Linux Distros Unpatched Vulnerability : CVE-2026-41411	Nessus	Misc.	medium

Detections

Analytics

CVE-2026-41411

medium

Tenable Plugins

Coming Soon

medium

high

medium