PT-2026-39213 · Vim+2

Megamansec · Published 2026-04-29 · Updated 2026-05-25 · CVE-2026-42307

CVSS v3.1: 4.4 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Vim versions prior to 9.2.0383

Description

An OS command injection issue exists in the netrw standard plugin. An attacker can execute arbitrary shell commands with the privileges of the Vim process by inducing a user to open a crafted URL, specifically utilizing the 'sftp://' or 'file://' protocol handlers.

Recommendations

Update to version 9.2.0383.
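
To check a host against the fixed version above, the following added example (not part of the original advisory or of the Vim project) classifies `vim --version` output. The function name `vim_patch_status` is hypothetical, the sample input is constructed, and the script assumes the usual `VIM - Vi IMproved X.Y` banner and `Included patches:` line.

```shell
#!/bin/sh
# Added example: compare `vim --version` output with the fixed release
# named in the advisory (9.2.0383). Reads the version text on stdin and
# prints "patched", "vulnerable" or "unknown".
FIXED_MAJOR=9
FIXED_MINOR=2
FIXED_PATCH=383

vim_patch_status() {   # hypothetical helper name
    awk -v fmaj="$FIXED_MAJOR" -v fmin="$FIXED_MINOR" -v fpatch="$FIXED_PATCH" '
    /^VIM - Vi IMproved [0-9]+\.[0-9]+/ {
        # Field 5 of the banner is "major.minor", e.g. "9.2".
        split($5, v, ".")
        maj = v[1] + 0; min = v[2] + 0; seen = 1
    }
    /^Included patches:/ {
        # Patches are listed as ranges ("1-382, 384-400"); a gap means a
        # patch was skipped, so look for the fix patch itself rather
        # than only the highest number.
        sub(/^Included patches:[ \t]*/, "")
        n = split($0, ranges, ", *")
        for (i = 1; i <= n; i++) {
            m = split(ranges[i], b, "-")
            lo = b[1] + 0
            hi = (m > 1 ? b[2] : b[1]) + 0
            if (lo <= fpatch && fpatch <= hi) has_fix = 1
        }
    }
    END {
        if (!seen) { print "unknown"; exit }
        if (maj > fmaj || (maj == fmaj && min > fmin)) print "patched"
        else if (maj == fmaj && min == fmin && has_fix) print "patched"
        else print "vulnerable"
    }'
}

# Constructed sample input (not captured from a real host); on a real
# system run:  vim --version | vim_patch_status
printf '%s\n' 'VIM - Vi IMproved 9.2 (constructed sample)' \
              'Included patches: 1-382, 384-400' | vim_patch_status
```

Distribution packages (for example those covered by USN-8304-1) may carry the fix as a backport without reaching patch 383, so confirm those against the distributor's advisory rather than the upstream patch level.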

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2026-42307
ECHO-086C-FDA2-1A2A
OESA-2026-2447
OESA-2026-2448
OESA-2026-2449
OESA-2026-2450
USN-8304-1

Affected Products

Linuxmint
Ubuntu
Vim