Ubuntu: USN-8101-1 (CVE-2026-28417): Vim vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:L/AC:M/Au:N/C:P/I:P/A:N) | Feb 27, 2026 | Mar 19, 2026 | Apr 16, 2026 |
Description
Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol handler), an attacker can execute arbitrary shell commands with the privileges of the Vim process. Version 9.2.0073 fixes the issue.
Solutions
- ubuntu-pro-upgrade-vim
- ubuntu-upgrade-vim