PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-33412 vim CVE debrief

CVE-2026-33412 is a command injection vulnerability in Vim's glob() function on Unix-like systems. This vulnerability allows an attacker to execute arbitrary shell commands by including a newline character (n) in a pattern passed to glob(). The vulnerability's impact depends on the user's 'shell' setting. Vim version 9.2.0202 patches this issue. Users should update to this version or apply mitigations to prevent exploitation. The vulnerability has a CVSS score of 5.6 and is considered medium severity.

Vendor
vim
Product
Unknown
CVSS
MEDIUM 5.6
CISA KEV
Not listed in stored evidence
Original CVE published
2026-03-24
Original CVE updated
2026-06-30
Advisory published
2026-03-24
Advisory updated
2026-06-30

Who should care

Users of Vim on Unix-like systems should be aware of this vulnerability. Specifically, developers and administrators using Vim for development or editing tasks should check their systems for exposure and update to version 9.2.0202 or apply compensating controls. Red Hat users can refer to errata RHSA-2026:10065 and others for specific guidance.

Technical summary

CVE-2026-33412 is a command injection vulnerability in the glob() function of Vim, a popular open-source command-line text editor. The vulnerability exists on Unix-like systems and is due to improper handling of newline characters in patterns passed to glob(). An attacker could exploit this by crafting a malicious pattern that, when processed by Vim, executes arbitrary shell commands. The vulnerability's impact is dependent on the user's shell configuration. This issue has been addressed in Vim version 9.2.0202. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 5.6, indicating medium severity.

Defensive priority

Apply the patch: Update Vim to version 9.2.0202 or later. Restrict access: Limit access to Vim on Unix-like systems, especially in multi-user environments. Monitor for suspicious activity: Regularly review system logs for signs of exploitation attempts.

Recommended defensive actions

  • Update Vim to version 9.2.0202 or later.
  • Restrict access to Vim on Unix-like systems, especially in multi-user environments.
  • Monitor system logs for signs of exploitation attempts.
  • Apply compensating controls, such as SELinux or AppArmor policies, to restrict Vim's capabilities.
  • Regularly review and update vulnerability management processes to ensure timely patching of critical systems.

Evidence notes

The CVE-2026-33412 vulnerability was publicly disclosed on March 24, 2026. The vulnerability was patched in Vim version 9.2.0202. Multiple sources, including the NVD and Red Hat, have documented this vulnerability and provided guidance on mitigation. The CVSS score for this vulnerability is 5.6, indicating medium severity.

Official resources

This article is AI-assisted and based on the supplied source corpus.