wid-sec-w-2026-1004
·
Published 2026-04-07
·
View on BSI CERT-Bund ↗
vim: Vulnerability allows Code execution
CVSS N/A
NONE
Risk Summary
Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol messages. This vulnerability is fixed in 9.2.0316.
CVEs (1)
Affected Vendors
Open Source
Affected Products (2)
Open Source
·
vim
<9.2.0316
Open Source
·
vim
9.2.0316
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more