CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-33412

Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202.

Exploit prediction scoring system (EPSS) score

CVSS Severity

CVSS v3 Score 5.6

References

https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a
https://github.com/vim/vim/releases/tag/v9.2.0202
https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c
http://www.openwall.com/lists/oss-security/2026/03/19/10

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-33412

Products

Pricing

Contact Us