vulnerability
Ubuntu: USN-8101-1 (CVE-2026-28417): Vim vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:L/AC:M/Au:N/C:P/I:P/A:N) | Feb 27, 2026 | Mar 19, 2026 | Mar 27, 2026 |
Severity
3
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:N)
Published
Feb 27, 2026
Added
Mar 19, 2026
Modified
Mar 27, 2026
Description
Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol handler), an attacker can execute arbitrary shell commands with the privileges of the Vim process. Version 9.2.0073 fixes the issue.
Solution
ubuntu-pro-upgrade-vim
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.