Medium severity5.0NVD Advisory· Published Apr 8, 2026· Updated Apr 22, 2026
CVE-2026-39881
CVE-2026-39881
Description
Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol messages. This vulnerability is fixed in 9.2.0316.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8- osv-coords7 versionspkg:rpm/opensuse/vim&distro=openSUSE%20Tumbleweedpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4
< 9.2.0398-1.1+ 6 more
- (no CPE)range: < 9.2.0398-1.1
- (no CPE)range: < 9.2.0530-150000.5.94.1
- (no CPE)range: < 9.2.0530-150000.5.94.1
- (no CPE)range: < 9.2.0530-150000.5.94.1
- (no CPE)range: < 9.2.0530-150000.5.94.1
- (no CPE)range: < 9.2.0530-150000.5.94.1
- (no CPE)range: < 9.2.0530-150000.5.94.1
Patches
Vulnerability mechanics
References
3- github.com/vim/vim/commit/7ab76a86048ed492374ac6b19nvdPatch
- github.com/vim/vim/security/advisories/GHSA-mr87-rhgv-7pw6nvdVendor Advisory
- github.com/vim/vim/releases/tag/v9.2.0316nvdRelease Notes
News mentions
0No linked articles in our index yet.