CVE-2026-39881

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0316

Description A command injection issue exists in Vim's netbeans interface. A malicious netbeans server can execute arbitrary Ex commands when Vim connects to it, due to unsanitized strings in the defineAnnoType and specialKeys protocol messages.

Recommendations Update to version 9.2.0316 or later.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2026-39881

ECHO-49A6-CBE4-2CF6

OESA-2026-2003

OESA-2026-2004

OESA-2026-2005

OESA-2026-2006

OESA-2026-2007

OPENSUSE-SU-2026:10652-1

USN-8213-1

USN-8246-1

Affected Products

Linuxmint

Ubuntu

Vim

CVE-2026-39881

Weakness Enumeration

Related Identifiers

Affected Products

References · 35