Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the sftp:// or file:// protocol handlers), an attacker can execute arbitrary shell commands with the privileges of the Vim process. This issue has been patched in version 9.2.0383.

The version of Vim installed on the remote host is prior to 9.2.0383. It is, therefore, affected by a vulnerability as referenced in the GHSA-85ch-p2qr-m5gx advisory.

  - An OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. The suffix     extraction logic in s:GetTempfile() allows arbitrary characters after the dot in a filename, permitting     shell metacharacters to be embedded in the suffix. Since this temporary file name is passed to external     commands without proper escaping, an attacker can inject arbitrary shell commands by inducing a user to     open a crafted URL. This vulnerability is fixed in 9.2.0383. (CVE-2026-42307)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8304-1 advisory.

    Joshua Rogers discovered that Vim incorrectly handled certain URL schemes in the netrw plugin. An attacker     could possibly use this issue to execute arbitrary commands. (CVE-2026-42307)

    It was discovered that Vim incorrectly handled command-line completion for the :find command. An attacker     could possibly use this issue to execute arbitrary commands. (CVE-2026-44656)

    Daniel Cervera discovered that Vim incorrectly handled loading spell files. An attacker could possibly use     this issue to cause a denial of service, or to execute arbitrary code. (CVE-2026-45130)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection     vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted     URL (e.g., using the sftp:// or file:// protocol handlers), an attacker can execute arbitrary shell     commands with the privileges of the Vim process. This issue has been patched in version 9.2.0383.
    (CVE-2026-42307)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
317737	Vim < 9.2.0383 OS Command Injection in netrw (GHSA-85ch-p2qr-m5gx)	Nessus	Misc.	medium
316886	Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Vim vulnerabilities (USN-8304-1)	Nessus	Ubuntu Local Security Checks	medium
313604	Linux Distros Unpatched Vulnerability : CVE-2026-42307	Nessus	Misc.	medium

Detections

Analytics

CVE-2026-42307

medium

Tenable Plugins

medium

medium

medium