CVE-2026-33412

Description

Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vims glob() function on Unix-like systems. By including a newline character (n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the users shell setting. This issue has been patched in version 9.2.0202.

Risk Information

Base Score

7.3

MODERATE

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

0.01

Associated Vulnerability

No records found

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234