CVEFinder.io

CVE-2026-42307

đŸ”ļ medium
🔍 Scan for this CVE
Summary

Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the sftp:// or file:// protocol handlers), an attacker can execute arbitrary shell commands with the privileges of the Vim process. This issue has been patched in version 9.2.0383.

CVSS Score
4.4
Medium
EPSS Score
0.2
Exploit Probability
Published Date
2026-05-08
First Seen: 2026-05-10
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 11.6% of all 329,456 vulnerabilities in our database.

#291,401
Below average severity
Severity Percentile
đŸŽ¯ CISA SSVC Assessment Updated: May 13, 2026
🔍 Exploitation Status
None
No known exploits
⚙ī¸ Automatable
NO
Requires human interaction
đŸ’Ĩ Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2026-05-14
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CWE IDs (Weakness Types)
CWE-78

đŸ“Ļ Affected Products 1

Vendor Product Status Affected Versions
vim vim Affected
< 9.2.0383

🔗 References 3

https://github.com/vim/vim/commit/405e2fb6d54d565352...
Patch
https://github.com/vim/vim/releases/tag/v9.2.0383
Product
https://github.com/vim/vim/security/advisories/GHSA-...
Patch Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-47162 ⚠ī¸ high 8.8 0.3 Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exi... 2026-06-11
CVE-2026-47167 đŸ”ļ medium 5.3 0.1 Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:s... 2026-06-11
CVE-2026-52858 ⚠ī¸ high 7.8 0.2 Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3... 2026-06-11
CVE-2026-52859 ⚠ī¸ high 8.2 0.3 Vim is an open source, command line text editor. Prior to version 9.2.0565, the update_snapshot() function in src/termin... 2026-06-11
CVE-2026-52860 ⚠ī¸ high 7.8 0.2 Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes recons... 2026-06-11
CVE-2026-46483 ℹī¸ low 3.6 0.0 Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimu... 2026-05-15
These CVEs affect the same products