PT-2026-26509 · Vim+4
Pyllyukko
Published: 2026-01-01
Updated: 2026-05-24
CVE-2026-33412
CVSS v3.1: 7.3 (High)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Vim versions prior to 9.2.0202
Description
Vim, a command-line text editor, contains a flaw in its glob() function on Unix-like systems. Including a newline character (\n) within a pattern provided to glob() could allow an attacker to execute arbitrary shell commands. The vulnerability's impact is dependent on the user's 'shell' setting. This occurs when a Vimscript plugin passes untrusted user input into the glob() function.
Recommendations
Update to version 9.2.0202 or later.
Exploit
Fix
RCE
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Linuxmint
Red Os
Rocky Linux
Ubuntu
Vim