PT-2026-26509 · Vim+3

Pyllyukko · Published 2026-01-01 · Updated 2026-04-28 · CVE-2026-33412

CVSS v3.1: 7.3 (High)

Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Vim versions prior to 9.2.0202

Description

Vim, a command-line text editor, contains a flaw in its glob() function on Unix-like systems. A newline character (\n) in a pattern passed to glob() could allow an attacker to execute arbitrary shell commands. The impact depends on the user's 'shell' setting. The flaw is reachable when a Vimscript plugin passes untrusted user input to glob().

Recommendations

Update to version 9.2.0202 or later.

Exploit · Fix · RCE · OS Command Injection

Weakness Enumeration

Related Identifiers

ALSA-2026:6915
ALSA-2026:7711
ALSA-2026:8259
CVE-2026-33412
ECHO-FA6F-2167-BB0A
GHSA-W5JW-F54H-X46C
MGASA-2026-0062
OESA-2026-1781
OPENSUSE-SU-2026:10652-1
OPENSUSE-SU-2026:20540-1
RHSA-2026:6502
RHSA-2026:6539
RHSA-2026:6540
RHSA-2026:6617
RHSA-2026:6619
RHSA-2026:6620
RHSA-2026:6725
RHSA-2026:6729
RHSA-2026:6730
RHSA-2026:6731
RHSA-2026:6736
RHSA-2026:6915
RHSA-2026:7711
RHSA-2026:8259
SUSE-SU-2026:1347-1
SUSE-SU-2026:1387-1
SUSE-SU-2026:1607-1
SUSE-SU-2026:21118-1
SUSE-SU-2026:21124-1
SUSE-SU-2026:21134-1
SUSE-SU-2026:21197-1
USN-8171-1

Affected Products

Linuxmint
Rocky Linux
Ubuntu
Vim