Vim · Vim · CVE-2026-47162
**Name of the Vulnerable Software and Affected Versions**
Vim versions prior to 9.2.0495
**Description**
A Vimscript code injection exists in the `s:NetrwBookHistSave()` function within the netrw plugin. The issue occurs when serializing browsed directory paths to the history file `~/.vim/.netrwhist`. A directory name from the filesystem is interpolated into a single-quoted Vimscript string literal without escaping embedded single quotes. This allows a crafted directory name to break the string context and execute arbitrary Vimscript, including shell commands via `system()` and `:!`, when the history file is subsequently sourced.
**Recommendations**
Update to version 9.2.0495.
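A check for the history-file injection described above, as an added example (not Vim's code and not the upstream patch). It assumes `~/.vim/.netrwhist` consists only of `let g:netrw_... = value` lines; the function names and the sample lines are constructed for illustration.

```python
import re

# A complete Vimscript single-quoted literal: the only escape inside it is ''
# (two quotes standing for one literal quote).
SQ_LITERAL = re.compile(r"'(?:[^']|'')*'")
# Assumption: every history line has the shape  let g:netrw_<name> = <value>
ASSIGN = re.compile(r"^\s*let\s+g:netrw_\w+\s*=\s*(.*?)\s*$")


def vim_squote(path: str) -> str:
    """Quote a path as one Vimscript single-quoted literal (embedded ' doubled)."""
    return "'" + path.replace("'", "''") + "'"


def is_single_value(rhs: str) -> bool:
    """True if rhs is exactly one integer or one well-formed quoted literal."""
    return bool(re.fullmatch(r"-?\d+", rhs) or SQ_LITERAL.fullmatch(rhs))


def audit_netrwhist(text: str) -> list:
    """Return 1-based numbers of lines that are not a plain netrw assignment.

    A directory name containing a newline splits into several lines, and the
    continuation lines are flagged because they do not match ASSIGN.
    """
    flagged = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue  # blank line
        m = ASSIGN.match(line)
        if not m or not is_single_value(m.group(1)):
            flagged.append(n)
    return flagged


# Constructed sample: line 3 holds a quote escaped correctly, line 4 has a
# literal that ends early and is followed by extra Vimscript.
SAMPLE = "\n".join([
    "let g:netrw_dirhistmax  =10",
    "let g:netrw_dirhistcnt =2",
    "let g:netrw_dirhist_1=" + vim_squote("/home/user/it's here"),
    "let g:netrw_dirhist_2='/tmp/x'|echom 'marker'",
])

if __name__ == "__main__":
    print("suspicious lines:", audit_netrwhist(SAMPLE))
```

Running the audit over an existing history file before and after updating shows whether a previously browsed directory already left a malformed entry behind.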