CVE-2026-33412
MEDIUM 5.6
Description
Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202.
CVE Details
CVSS v3.1 score: 5.6
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
Attack vector: LOCAL
Complexity: LOW
Privileges required: LOW
User interaction: REQUIRED
Published: 3/24/2026
Last modified: 3/25/2026
Source: nvd
Honeypot sightings: 0
Affected products
vim:vim
Weaknesses (CWE)
CWE-78
References
https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a (security-advisories@github.com)
https://github.com/vim/vim/releases/tag/v9.2.0202 (security-advisories@github.com)
https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c (security-advisories@github.com)
http://www.openwall.com/lists/oss-security/2026/03/19/10 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.