Vim affected by Command injection via newline in glob()

5.6 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N

Description

Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202.

Basic Information

ID CVE-2026-33412

Source GitHub_M

Published Mar 24, 2026 at 19:43

Modified Mar 26, 2026 at 03:55

Affected Product

Vendor vim

Product vim

Version < 9.2.0202

Affected Versions vim vim < 9.2.0202

CWE Classification

CWE-78

References

{
    "lastseen": "",
    "description": "Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202.",
    "published": "2026-03-24T19:43:07.219Z",
    "modified": "2026-03-26T03:55:39.372Z",
    "type": "cve",
    "title": "Vim affected by Command injection via newline in glob()",
    "source": "GitHub_M",
    "references": "https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c\nhttps://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a\nhttps://github.com/vim/vim/releases/tag/v9.2.0202",
    "id": "CVE-2026-33412",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "vim vim < 9.2.0202",
    "sourceHref": "",
    "cvss": {
        "score": 5.6,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "vim",
    "version": "< 9.2.0202",
    "vendor": "vim",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Vim affected by Command injection via newline in glob()_CVE-2026-33412