CVE-2026-33412
Vim affected by Command injection via newline in glob()
Description
Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202.
INFO
Published Date :
March 24, 2026, 8:16 p.m.
Last Modified :
June 30, 2026, 3:18 a.m.
Remotely Exploit :
No
Source :
[email protected]
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | |||||
| CVSS 3.1 | MEDIUM | [email protected] | ||||
| CVSS 3.1 | HIGH | [email protected] | ||||
| CVSS 3.1 | HIGH | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c |
Solution
- Update Vim to version 9.2.0202 or later.
- Ensure the 'shell' setting is configured securely.
Public PoC/Exploit Available at Github
CVE-2026-33412 has a 2 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-33412.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-33412 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-33412
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
This project documents the deployment of Tenable Nessus to discover exploitable vulnerabilities on a server and the web application it hosts. It also documents the successful patching and remediation process with ansible - a serverless automation agent to keep the infrastructure secure and hardened.
Hands-on vulnerability assessment project using Tenable Nessus Essentials on a home lab environment
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-33412 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2026-33412 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Jun. 30, 2026
Action Type Old Value New Value Added Affected [{'cpes': ['cpe:/o:redhat:rhel_els:6'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Server -EXTENSION(v. 6 ELS-EXTENSION)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_els:7'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Server (v. 7 ELS)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.12::el8'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.12', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.13::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.13', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.14::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.14', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.15::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.15', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.16::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.16', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.17::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.17', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.18::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.18', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.19::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.19', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux_eus:10.0'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS (v. 10.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:10.1'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream (v. 10)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:8::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream (v. 8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_aus:8.2::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream AUS (v. 8.2)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_aus:8.4::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream AUS (v.8.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus_long_life:8.4::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_aus:8.6::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream AUS (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:8.6::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream E4S (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_tus:8.6::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream TUS (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:8.8::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream E4S (v.8.8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_tus:8.8::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream TUS (v.8.8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.0::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream E4S (v.9.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.2::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream E4S (v.9.2)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.4::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS (v.9.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.6::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS (v.9.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:9::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream (v. 9)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux_eus:10.0'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS EUS (v. 10.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:10.1'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS (v. 10)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:8::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS (v. 8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_aus:8.2::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS AUS (v. 8.2)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_aus:8.4::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS AUS (v.8.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_eus_long_life:8.4::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_aus:8.6::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS AUS (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_e4s:8.6::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS E4S (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_tus:8.6::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS TUS (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_e4s:8.8::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS E4S (v.8.8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_tus:8.8::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS TUS (v.8.8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_e4s:9.0::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS E4S (v.9.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_e4s:9.2::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS E4S (v.9.2)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_eus:9.4::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS EUS (v.9.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_eus:9.6::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS EUS (v.9.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:9::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS (v. 9)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:ai_inference_server:3.2::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat AI Inference Server 3.2', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:ai_inference_server:3.3::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat AI Inference Server 3.3', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:insights_proxy:1.5::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Insights proxy 1.5', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhui:5::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Update Infrastructure 5', 'defaultStatus': 'affected'}] Added CVSS V3.1 AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Added CWE CWE-78 Added Reference https://access.redhat.com/errata/RHSA-2026:10065 Added Reference https://access.redhat.com/errata/RHSA-2026:10097 Added Reference https://access.redhat.com/errata/RHSA-2026:11768 Added Reference https://access.redhat.com/errata/RHSA-2026:12274 Added Reference https://access.redhat.com/errata/RHSA-2026:14773 Added Reference https://access.redhat.com/errata/RHSA-2026:15087 Added Reference https://access.redhat.com/errata/RHSA-2026:16008 Added Reference https://access.redhat.com/errata/RHSA-2026:16009 Added Reference https://access.redhat.com/errata/RHSA-2026:16174 Added Reference https://access.redhat.com/errata/RHSA-2026:17596 Added Reference https://access.redhat.com/errata/RHSA-2026:25096 Added Reference https://access.redhat.com/errata/RHSA-2026:6502 Added Reference https://access.redhat.com/errata/RHSA-2026:6539 Added Reference https://access.redhat.com/errata/RHSA-2026:6540 Added Reference https://access.redhat.com/errata/RHSA-2026:6617 Added Reference https://access.redhat.com/errata/RHSA-2026:6619 Added Reference https://access.redhat.com/errata/RHSA-2026:6620 Added Reference https://access.redhat.com/errata/RHSA-2026:6725 Added Reference https://access.redhat.com/errata/RHSA-2026:6729 Added Reference https://access.redhat.com/errata/RHSA-2026:6730 Added Reference https://access.redhat.com/errata/RHSA-2026:6731 Added Reference https://access.redhat.com/errata/RHSA-2026:6736 Added Reference https://access.redhat.com/errata/RHSA-2026:6915 Added Reference https://access.redhat.com/errata/RHSA-2026:7239 Added Reference https://access.redhat.com/errata/RHSA-2026:7243 Added Reference https://access.redhat.com/errata/RHSA-2026:7335 Added Reference https://access.redhat.com/errata/RHSA-2026:7711 Added Reference https://access.redhat.com/errata/RHSA-2026:8259 Added Reference https://access.redhat.com/errata/RHSA-2026:8423 Added Reference https://access.redhat.com/errata/RHSA-2026:9832 Added Reference https://access.redhat.com/security/cve/CVE-2026-33412 Added Reference https://bugzilla.redhat.com/show_bug.cgi?id=2450907 Added Reference https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33412.json -
CVE Modified by [email protected]
Jun. 17, 2026
Action Type Old Value New Value Added Affected [{'vendor': 'vim', 'product': 'vim', 'versions': [{'status': 'affected', 'version': '< 9.2.0202'}]}] -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Jun. 17, 2026
Action Type Old Value New Value Added SSVC {'id': 'CVE-2026-33412', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'none'}, {'automatable': 'no'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-03-25T00:00:00+00:00'} -
Initial Analysis by [email protected]
Mar. 25, 2026
Action Type Old Value New Value Added CVSS V3.1 AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Added CPE Configuration OR *cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.0202 Added Reference Type GitHub, Inc.: https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a Types: Patch Added Reference Type GitHub, Inc.: https://github.com/vim/vim/releases/tag/v9.2.0202 Types: Product Added Reference Type GitHub, Inc.: https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c Types: Patch, Vendor Advisory Added Reference Type CVE: http://www.openwall.com/lists/oss-security/2026/03/19/10 Types: Mailing List, Patch, Third Party Advisory -
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Mar. 24, 2026
Action Type Old Value New Value Added Reference http://www.openwall.com/lists/oss-security/2026/03/19/10 -
New CVE Received by [email protected]
Mar. 24, 2026
Action Type Old Value New Value Added Description Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202. Added CVSS V3.1 AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N Added CWE CWE-78 Added Reference https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a Added Reference https://github.com/vim/vim/releases/tag/v9.2.0202 Added Reference https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c