CVE-2026-33412

EUVD-2026-14998
Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.6 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Affected Products (NVD)
VendorProductVersion
vimvim
𝑥
< 9.2.0202
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
vim
bookworm
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
2:9.2.0355-1
fixed
sid
2:9.2.0461-1
fixed
trixie
vulnerable
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
vim
bionic
Fixed 2:8.0.1453-1ubuntu1.13+esm15
released
focal
Fixed 2:8.1.2269-1ubuntu5.32+esm3
released
jammy
Fixed 2:8.2.3995-1ubuntu2.27
released
noble
Fixed 2:9.1.0016-1ubuntu7.11
released
questing
Fixed 2:9.1.0967-1ubuntu6.2
released
trusty
Fixed 2:7.4.052-1ubuntu3.1+esm24
released
xenial
Fixed 2:7.4.1689-3ubuntu1.5+esm30
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
gvim
suse enterprise sap 15 SP5
9.2.0280-150500.20.46.1
fixed
suse enterprise sap 15 SP6
9.2.0280-150500.20.46.1
fixed
suse enterprise server 12 SP3
9.2.0280-17.62.1
fixed
suse enterprise server 12 SP5
9.2.0280-17.62.1
fixed
suse enterprise server 15 SP4
9.2.0280-150000.5.89.1
fixed
suse enterprise server 15 SP5
9.2.0280-150500.20.46.1
fixed
suse enterprise server 15 SP6
9.2.0280-150500.20.46.1
fixed
vim
suse enterprise desktop 15 SP7
9.2.0280-150500.20.46.1
fixed
suse enterprise sap 15 SP5
9.2.0280-150500.20.46.1
fixed
suse enterprise sap 15 SP6
9.2.0280-150500.20.46.1
fixed
suse enterprise sap 15 SP7
9.2.0280-150500.20.46.1
fixed
suse enterprise server 12 SP3
9.2.0280-17.62.1
fixed
suse enterprise server 12 SP5
9.2.0280-17.62.1
fixed
suse enterprise server 15 SP4
9.2.0280-150000.5.89.1
fixed
suse enterprise server 15 SP5
9.2.0280-150500.20.46.1
fixed
suse enterprise server 15 SP6
9.2.0280-150500.20.46.1
fixed
suse enterprise server 15 SP7
9.2.0280-150500.20.46.1
fixed
vim-data
suse enterprise desktop 15 SP7
9.2.0280-150500.20.46.1
fixed
suse enterprise sap 15 SP5
9.2.0280-150500.20.46.1
fixed
suse enterprise sap 15 SP6
9.2.0280-150500.20.46.1
fixed
suse enterprise sap 15 SP7
9.2.0280-150500.20.46.1
fixed
suse enterprise server 12 SP3
9.2.0280-17.62.1
fixed
suse enterprise server 12 SP5
9.2.0280-17.62.1
fixed
suse enterprise server 15 SP4
9.2.0280-150000.5.89.1
fixed
suse enterprise server 15 SP5
9.2.0280-150500.20.46.1
fixed
suse enterprise server 15 SP6
9.2.0280-150500.20.46.1
fixed
suse enterprise server 15 SP7
9.2.0280-150500.20.46.1
fixed
vim-data-common
suse enterprise desktop 15 SP7
9.2.0280-150500.20.46.1
fixed
suse enterprise sap 15 SP5
9.2.0280-150500.20.46.1
fixed
suse enterprise sap 15 SP6
9.2.0280-150500.20.46.1
fixed
suse enterprise sap 15 SP7
9.2.0280-150500.20.46.1
fixed
suse enterprise server 12 SP3
9.2.0280-17.62.1
fixed
suse enterprise server 12 SP5
9.2.0280-17.62.1
fixed
suse enterprise server 15 SP4
9.2.0280-150000.5.89.1
fixed
suse enterprise server 15 SP5
9.2.0280-150500.20.46.1
fixed
suse enterprise server 15 SP6
9.2.0280-150500.20.46.1
fixed
suse enterprise server 15 SP7
9.2.0280-150500.20.46.1
fixed
vim-small
suse enterprise desktop 15 SP7
9.2.0280-150500.20.46.1
fixed
suse enterprise sap 15 SP5
9.2.0280-150500.20.46.1
fixed
suse enterprise sap 15 SP6
9.2.0280-150500.20.46.1
fixed
suse enterprise sap 15 SP7
9.2.0280-150500.20.46.1
fixed
suse enterprise server 15 SP4
9.2.0280-150000.5.89.1
fixed
suse enterprise server 15 SP5
9.2.0280-150500.20.46.1
fixed
suse enterprise server 15 SP6
9.2.0280-150500.20.46.1
fixed
suse enterprise server 15 SP7
9.2.0280-150500.20.46.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
vim-X11
RHEL 8
2:8.0.1763-22.el8_10.1
fixed
RHEL 8.2 AUS
2:8.0.1763-13.el8_2.1
fixed
RHEL 8.4 AUS
2:8.0.1763-15.el8_4.1
fixed
RHEL 8.6 AUS
2:8.0.1763-19.el8_6.5
fixed
RHEL 8.6 E4S
2:8.0.1763-19.el8_6.5
fixed
RHEL 8.6 TUS
2:8.0.1763-19.el8_6.5
fixed
RHEL 8.8 E4S
2:8.0.1763-20.el8_8.1
fixed
RHEL 8.8 TUS
2:8.0.1763-20.el8_8.1
fixed
RHEL 9
2:8.2.2637-23.el9_7.2
fixed
vim-common
RHEL 8
2:8.0.1763-22.el8_10.1
fixed
RHEL 8.2 AUS
2:8.0.1763-13.el8_2.1
fixed
RHEL 8.4 AUS
2:8.0.1763-15.el8_4.1
fixed
RHEL 8.6 AUS
2:8.0.1763-19.el8_6.5
fixed
RHEL 8.6 E4S
2:8.0.1763-19.el8_6.5
fixed
RHEL 8.6 TUS
2:8.0.1763-19.el8_6.5
fixed
RHEL 8.8 E4S
2:8.0.1763-20.el8_8.1
fixed
RHEL 8.8 TUS
2:8.0.1763-20.el8_8.1
fixed
RHEL 9
2:8.2.2637-23.el9_7.2
fixed
vim-enhanced
RHEL 8
2:8.0.1763-22.el8_10.1
fixed
RHEL 8.2 AUS
2:8.0.1763-13.el8_2.1
fixed
RHEL 8.4 AUS
2:8.0.1763-15.el8_4.1
fixed
RHEL 8.6 AUS
2:8.0.1763-19.el8_6.5
fixed
RHEL 8.6 E4S
2:8.0.1763-19.el8_6.5
fixed
RHEL 8.6 TUS
2:8.0.1763-19.el8_6.5
fixed
RHEL 8.8 E4S
2:8.0.1763-20.el8_8.1
fixed
RHEL 8.8 TUS
2:8.0.1763-20.el8_8.1
fixed
RHEL 9
2:8.2.2637-23.el9_7.2
fixed
vim-filesystem
RHEL 8.2 AUS
2:8.0.1763-13.el8_2.1
fixed
RHEL 8.4 AUS
2:8.0.1763-15.el8_4.1
fixed
RHEL 8.6 AUS
2:8.0.1763-19.el8_6.5
fixed
RHEL 8.6 E4S
2:8.0.1763-19.el8_6.5
fixed
RHEL 8.6 TUS
2:8.0.1763-19.el8_6.5
fixed
RHEL 8.8 E4S
2:8.0.1763-20.el8_8.1
fixed
RHEL 8.8 TUS
2:8.0.1763-20.el8_8.1
fixed
vim-minimal
RHEL 8.2 AUS
2:8.0.1763-13.el8_2.1
fixed
RHEL 8.4 AUS
2:8.0.1763-15.el8_4.1
fixed
RHEL 8.6 AUS
2:8.0.1763-19.el8_6.5
fixed
RHEL 8.6 E4S
2:8.0.1763-19.el8_6.5
fixed
RHEL 8.6 TUS
2:8.0.1763-19.el8_6.5
fixed
RHEL 8.8 E4S
2:8.0.1763-20.el8_8.1
fixed
RHEL 8.8 TUS
2:8.0.1763-20.el8_8.1
fixed
RHEL 9
2:8.2.2637-23.el9_7.2
fixed
Common Weakness Enumeration
References
https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a
https://github.com/vim/vim/releases/tag/v9.2.0202
https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c
http://www.openwall.com/lists/oss-security/2026/03/19/10