CVE-2026-28417

EUVD-2026-9085
Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol handler), an attacker can execute arbitrary shell commands with the privileges of the Vim process. Version 9.2.0073 fixes the issue.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.4 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Affected Products (NVD)
VendorProductVersion
vimvim
𝑥
< 9.2.0073
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
vim
bookworm
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
2:9.2.0461-1
fixed
sid
2:9.2.0524-1
fixed
trixie
vulnerable
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
gvim
suse enterprise sap 15 SP5
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP6
9.2.0110-150500.20.43.1
fixed
suse enterprise server 12 SP3
9.2.0110-17.59.1
fixed
suse enterprise server 12 SP5
9.2.0110-17.59.1
fixed
suse enterprise server 15 SP4
9.2.0110-150000.5.86.1
fixed
suse enterprise server 15 SP5
9.2.0110-150500.20.43.1
fixed
suse enterprise server 15 SP6
9.2.0110-150500.20.43.1
fixed
vim
suse enterprise desktop 15 SP7
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP5
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP6
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP7
9.2.0110-150500.20.43.1
fixed
suse enterprise server 12 SP3
9.2.0110-17.59.1
fixed
suse enterprise server 12 SP5
9.2.0110-17.59.1
fixed
suse enterprise server 15 SP4
9.2.0110-150000.5.86.1
fixed
suse enterprise server 15 SP5
9.2.0110-150500.20.43.1
fixed
suse enterprise server 15 SP6
9.2.0110-150500.20.43.1
fixed
suse enterprise server 15 SP7
9.2.0110-150500.20.43.1
fixed
vim-data
suse enterprise desktop 15 SP7
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP5
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP6
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP7
9.2.0110-150500.20.43.1
fixed
suse enterprise server 12 SP3
9.2.0110-17.59.1
fixed
suse enterprise server 12 SP5
9.2.0110-17.59.1
fixed
suse enterprise server 15 SP4
9.2.0110-150000.5.86.1
fixed
suse enterprise server 15 SP5
9.2.0110-150500.20.43.1
fixed
suse enterprise server 15 SP6
9.2.0110-150500.20.43.1
fixed
suse enterprise server 15 SP7
9.2.0110-150500.20.43.1
fixed
vim-data-common
suse enterprise desktop 15 SP7
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP5
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP6
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP7
9.2.0110-150500.20.43.1
fixed
suse enterprise server 12 SP3
9.2.0110-17.59.1
fixed
suse enterprise server 12 SP5
9.2.0110-17.59.1
fixed
suse enterprise server 15 SP4
9.2.0110-150000.5.86.1
fixed
suse enterprise server 15 SP5
9.2.0110-150500.20.43.1
fixed
suse enterprise server 15 SP6
9.2.0110-150500.20.43.1
fixed
suse enterprise server 15 SP7
9.2.0110-150500.20.43.1
fixed
vim-small
suse enterprise desktop 15 SP7
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP5
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP6
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP7
9.2.0110-150500.20.43.1
fixed
suse enterprise server 15 SP4
9.2.0110-150000.5.86.1
fixed
suse enterprise server 15 SP5
9.2.0110-150500.20.43.1
fixed
suse enterprise server 15 SP6
9.2.0110-150500.20.43.1
fixed
suse enterprise server 15 SP7
9.2.0110-150500.20.43.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
vim-X11
RHEL 8
2:8.0.1763-22.el8_10.1
fixed
RHEL 8.2 AUS
2:8.0.1763-13.el8_2.1
fixed
RHEL 8.4 AUS
2:8.0.1763-15.el8_4.1
fixed
RHEL 8.6 AUS
2:8.0.1763-19.el8_6.5
fixed
RHEL 8.6 E4S
2:8.0.1763-19.el8_6.5
fixed
RHEL 8.6 TUS
2:8.0.1763-19.el8_6.5
fixed
RHEL 8.8 E4S
2:8.0.1763-20.el8_8.1
fixed
RHEL 8.8 TUS
2:8.0.1763-20.el8_8.1
fixed
RHEL 9
2:8.2.2637-23.el9_7.2
fixed
vim-common
RHEL 8
2:8.0.1763-22.el8_10.1
fixed
RHEL 8.2 AUS
2:8.0.1763-13.el8_2.1
fixed
RHEL 8.4 AUS
2:8.0.1763-15.el8_4.1
fixed
RHEL 8.6 AUS
2:8.0.1763-19.el8_6.5
fixed
RHEL 8.6 E4S
2:8.0.1763-19.el8_6.5
fixed
RHEL 8.6 TUS
2:8.0.1763-19.el8_6.5
fixed
RHEL 8.8 E4S
2:8.0.1763-20.el8_8.1
fixed
RHEL 8.8 TUS
2:8.0.1763-20.el8_8.1
fixed
RHEL 9
2:8.2.2637-23.el9_7.2
fixed
vim-enhanced
RHEL 8
2:8.0.1763-22.el8_10.1
fixed
RHEL 8.2 AUS
2:8.0.1763-13.el8_2.1
fixed
RHEL 8.4 AUS
2:8.0.1763-15.el8_4.1
fixed
RHEL 8.6 AUS
2:8.0.1763-19.el8_6.5
fixed
RHEL 8.6 E4S
2:8.0.1763-19.el8_6.5
fixed
RHEL 8.6 TUS
2:8.0.1763-19.el8_6.5
fixed
RHEL 8.8 E4S
2:8.0.1763-20.el8_8.1
fixed
RHEL 8.8 TUS
2:8.0.1763-20.el8_8.1
fixed
RHEL 9
2:8.2.2637-23.el9_7.2
fixed
vim-filesystem
RHEL 8.2 AUS
2:8.0.1763-13.el8_2.1
fixed
RHEL 8.4 AUS
2:8.0.1763-15.el8_4.1
fixed
RHEL 8.6 AUS
2:8.0.1763-19.el8_6.5
fixed
RHEL 8.6 E4S
2:8.0.1763-19.el8_6.5
fixed
RHEL 8.6 TUS
2:8.0.1763-19.el8_6.5
fixed
RHEL 8.8 E4S
2:8.0.1763-20.el8_8.1
fixed
RHEL 8.8 TUS
2:8.0.1763-20.el8_8.1
fixed
vim-minimal
RHEL 8.2 AUS
2:8.0.1763-13.el8_2.1
fixed
RHEL 8.4 AUS
2:8.0.1763-15.el8_4.1
fixed
RHEL 8.6 AUS
2:8.0.1763-19.el8_6.5
fixed
RHEL 8.6 E4S
2:8.0.1763-19.el8_6.5
fixed
RHEL 8.6 TUS
2:8.0.1763-19.el8_6.5
fixed
RHEL 8.8 E4S
2:8.0.1763-20.el8_8.1
fixed
RHEL 8.8 TUS
2:8.0.1763-20.el8_8.1
fixed
RHEL 9
2:8.2.2637-23.el9_7.2
fixed
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://github.com/vim/vim/commit/79348dbbc09332130f4c860
https://github.com/vim/vim/releases/tag/v9.2.0073
https://github.com/vim/vim/security/advisories/GHSA-m3xh-9434-g336
http://www.openwall.com/lists/oss-security/2026/02/27/6