CVE-2026-28417

Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol handler), an attacker can execute arbitrary shell commands with the privileges of the Vim process. Version 9.2.0073 fixes the issue.

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 2.5

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/vim/vim/commit/79348dbbc09332130f4c860	Patch
https://github.com/vim/vim/releases/tag/v9.2.0073	Release Notes
https://github.com/vim/vim/security/advisories/GHSA-m3xh-9434-g336	Patch Vendor Advisory
http://www.openwall.com/lists/oss-security/2026/02/27/6	Mailing List Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-02-27 22:16

Updated : 2026-03-03 17:50

NVD link : CVE-2026-28417

Mitre link : CVE-2026-28417

CVE.ORG link : CVE-2026-28417

JSON object : View

Products Affected

vim

vim

CWE

CWE-86

Improper Neutralization of Invalid Characters in Identifiers in Web Pages

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2026-28417", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2026-02-27T22:16:24.833", "references": [{"url": "https://github.com/vim/vim/commit/79348dbbc09332130f4c860", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/vim/vim/releases/tag/v9.2.0073", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/vim/vim/security/advisories/GHSA-m3xh-9434-g336", "tags": ["Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "http://www.openwall.com/lists/oss-security/2026/02/27/6", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-86"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol handler), an attacker can execute arbitrary shell commands with the privileges of the Vim process. Version 9.2.0073 fixes the issue."}, {"lang": "es", "value": "Vim es un editor de texto de c\u00f3digo abierto de l\u00ednea de comandos. Antes de la versi\u00f3n 9.2.0073, hay una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en el plugin est\u00e1ndar 'netrw' incluido con Vim. Al inducir a un usuario a abrir una URL manipulada (por ejemplo, usando el gestor de protocolo 'scp://'), un atacante puede ejecutar comandos de shell arbitrarios con los privilegios del proceso de Vim. La versi\u00f3n 9.2.0073 soluciona el problema."}], "lastModified": "2026-03-03T17:50:29.827", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBFE68A3-A610-426A-A470-CDF78D00BBBF", "versionEndExcluding": "9.2.0073"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}