Fluid Attacks Database

Description

Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel10	vim	-	-
alpine v3.23	vim	=7.2.284-r0 \|\| =7.2.394-r0 \|\| =7.2.394-r1 \|\| =7.2.411-r0 \|\| =7.3-r0 \|\| =7.3.003-r0 \|\| =7.3.1070-r0 \|\| =7.3.112-r0 \|\| =7.3.112-r1 \|\| =7.3.1136-r0 \|\| =7.3.154-r0 \|\| =7.3.198-r0 \|\| =7.3.206-r0 \|\| =7.3.206-r1 \|\| =7.3.266-r0 \|\| =7.3.333-r0 \|\| =7.3.364-r0 \|\| =7.3.401-r0 \|\| =7.3.434-r0 \|\| =7.3.495-r0 \|\| =7.3.515-r0 \|\| =7.3.547-r0 \|\| =7.3.600-r0 \|\| =7.3.659-r0 \|\| =7.3.661-r0 \|\| =7.3.692-r0 \|\| =7.3.712-r0 \|\| =7.3.754-r0 \|\| =7.3.82-r0 \|\| =7.4-r0 \|\| =7.4-r1 \|\| =7.4-r2 \|\| =7.4-r3 \|\| =7.4.1225-r0 \|\| =7.4.1225-r1 \|\| =7.4.1591-r0 \|\| =7.4.1831-r0 \|\| =7.4.1831-r1 \|\| =7.4.2028-r0 \|\| =7.4.712-r0 \|\| =7.4.712-r1 \|\| =7.4.861-r0 \|\| =7.4.861-r1 \|\| =7.4.943-r0 \|\| =7.4.943-r1 \|\| =7.4.943-r2 \|\| =8.0.0003-r0 \|\| =8.0.0008-r0 \|\| =8.0.0027-r0 \|\| =8.0.0056-r0 \|\| =8.0.0178-r0 \|\| =8.0.0187-r0 \|\| =8.0.0329-r0 \|\| =8.0.0348-r0 \|\| =8.0.0349-r0 \|\| =8.0.0460-r0 \|\| =8.0.0559-r0 \|\| =8.0.0594-r0 \|\| =8.0.0595-r0 \|\| =8.0.0642-r0 \|\| =8.0.0972-r0 \|\| =8.0.0974-r0 \|\| =8.0.1137-r0 \|\| =8.0.1171-r0 \|\| =8.0.1240-r0 \|\| =8.0.1300-r0 \|\| =8.0.1359-r0 \|\| =8.0.1367-r0 \|\| =8.0.1424-r0 \|\| =8.0.1424-r1 \|\| =8.0.1521-r0 \|\| =8.0.1727-r0 \|\| =8.1.0022-r0 \|\| =8.1.0026-r0 \|\| =8.1.0077-r0 \|\| =8.1.0115-r0 \|\| =8.1.0630-r0 \|\| =8.1.0829-r0 \|\| =8.1.0829-r1 \|\| =8.1.1075-r0 \|\| =8.1.1075-r1 \|\| =8.1.1364-r0 \|\| =8.1.1365-r0 \|\| =8.1.2137-r0 \|\| =8.1.2137-r1 \|\| =8.1.2300-r0 \|\| =8.2.0-r0 \|\| =8.2.0357-r0 \|\| =8.2.0735-r0 \|\| =8.2.1017-r0 \|\| =8.2.1168-r0 \|\| =8.2.1353-r0 \|\| =8.2.1419-r0 \|\| =8.2.1736-r0 \|\| =8.2.1843-r0 \|\| =8.2.1843-r1 \|\| =8.2.1843-r2 \|\| =8.2.2013-r0 \|\| =8.2.2084-r0 \|\| =8.2.2137-r0 \|\| =8.2.2303-r0 \|\| =8.2.2320-r0 \|\| =8.2.2404-r0 \|\| =8.2.2559-r0 \|\| =8.2.2677-r0 \|\| =8.2.2677-r1 \|\| =8.2.2800-r0 \|\| =8.2.2822-r0 \|\| =8.2.2822-r1 \|\| =8.2.2852-r0 \|\| =8.2.2956-r0 \|\| =8.2.2968-r0 \|\| =8.2.3082-r0 \|\| =8.2.3156-r0 \|\| =8.2.3275-r0 \|\| =8.2.3300-r0 \|\| =8.2.3437-r0 \|\| =8.2.3437-r1 \|\| =8.2.3500-r0 \|\| =8.2.3567-r0 \|\| =8.2.3650-r0 \|\| =8.2.3779-r0 \|\| =8.2.3779-r1 \|\| =8.2.4173-r0 \|\| =8.2.4350-r0 \|\| =8.2.4542-r0 \|\| =8.2.4542-r1 \|\| =8.2.4619-r0 \|\| =8.2.4708-r0 \|\| =8.2.4836-r0 \|\| =8.2.4969-r0 \|\| =8.2.5000-r0 \|\| =8.2.5055-r0 \|\| =8.2.5170-r0 \|\| =9.0.0009-r0 \|\| =9.0.0050-r0 \|\| =9.0.0124-r0 \|\| =9.0.0224-r0 \|\| =9.0.0234-r0 \|\| =9.0.0270-r0 \|\| =9.0.0369-r0 \|\| =9.0.0437-r0 \|\| =9.0.0598-r0 \|\| =9.0.0636-r0 \|\| =9.0.0693-r0 \|\| =9.0.0728-r0 \|\| =9.0.0792-r0 \|\| =9.0.0815-r0 \|\| =9.0.0820-r0 \|\| =9.0.0999-r0 \|\| =9.0.1085-r0 \|\| =9.0.1093-r0 \|\| =9.0.1107-r0 \|\| =9.0.1128-r0 \|\| =9.0.1167-r0 \|\| =9.0.1188-r0 \|\| =9.0.1198-r0 \|\| =9.0.1215-r0 \|\| =9.0.1251-r0 \|\| =9.0.1261-r0 \|\| =9.0.1291-r0 \|\| =9.0.1294-r0 \|\| =9.0.1304-r0 \|\| =9.0.1313-r0 \|\| =9.0.1313-r1 \|\| =9.0.1337-r0 \|\| =9.0.1337-r1 \|\| =9.0.1395-r0 \|\| =9.0.1413-r0 \|\| =9.0.1440-r0 \|\| =9.0.1440-r1 \|\| =9.0.1440-r2 \|\| =9.0.1482-r0 \|\| =9.0.1495-r0 \|\| =9.0.1506-r0 \|\| =9.0.1520-r0 \|\| =9.0.1558-r0 \|\| =9.0.1568-r0 \|\| =9.0.1607-r0 \|\| =9.0.1632-r0 \|\| =9.0.1676-r0 \|\| =9.0.1888-r0 \|\| =9.0.1994-r0 \|\| =9.0.2073-r0 \|\| =9.0.2112-r0 \|\| =9.0.2127-r0 \|\| =9.0.2127-r1 \|\| =9.1.0-r0 \|\| =9.1.0-r1 \|\| =9.1.0-r2 \|\| =9.1.0414-r0 \|\| =9.1.0652-r0 \|\| =9.1.0678-r0 \|\| =9.1.0707-r0 \|\| =9.1.0936-r0 \|\| =9.1.1012-r0 \|\| =9.1.1105-r0 \|\| =9.1.1164-r0 \|\| =9.1.1202-r0 \|\| =9.1.1202-r1 \|\| =9.1.1379-r0 \|\| =9.1.1397-r0 \|\| =9.1.1406-r0 \|\| =9.1.1415-r0 \|\| =9.1.1457-r0 \|\| =9.1.1471-r0 \|\| =9.1.1485-r0 \|\| =9.1.1516-r0 \|\| =9.1.1533-r0 \|\| =9.1.1533-r1 \|\| =9.1.1552-r0 \|\| =9.1.1557-r0 \|\| =9.1.1557-r1 \|\| =9.1.1566-r0 \|\| =9.1.1582-r0 \|\| =9.1.1582-r1 \|\| =9.1.1591-r0 \|\| =9.1.1593-r0 \|\| =9.1.1595-r0 \|\| =9.1.1616-r0 \|\| =9.1.1623-r0 \|\| =9.1.1627-r0 \|\| =9.1.1629-r0 \|\| =9.1.1634-r0 \|\| =9.1.1652-r0 \|\| =9.1.1663-r0 \|\| =9.1.1678-r0 \|\| =9.1.1684-r0 \|\| =9.1.1706-r0 \|\| =9.1.1723-r0 \|\| =9.1.1730-r0 \|\| =9.1.1738-r0 \|\| =9.1.1740-r0 \|\| =9.1.1747-r0 \|\| =9.1.1752-r0 \|\| =9.1.1760-r0 \|\| =9.1.1765-r0 \|\| =9.1.1775-r0 \|\| =9.1.1785-r0 \|\| =9.1.1792-r0 \|\| =9.1.1806-r0 \|\| =9.1.1818-r0 \|\| =9.1.1831-r0 \|\| =9.1.1840-r0 \|\| =9.1.1846-r0 \|\| =9.1.1854-r0 \|\| =9.1.1863-r0 \|\| =9.1.1868-r0 \|\| =9.1.1871-r0 \|\| =9.1.1879-r0 \|\| =9.1.1882-r0 \|\| =9.1.1891-r0 \|\| =9.1.1896-r0 \|\| =9.1.1900-r0 \|\| =9.1.1908-r0 \|\| =9.1.1917-r0 \|\| =9.1.1924-r0 \|\| =9.1.1926-r0 \|\| =9.1.1930-r0 \|\| =9.1.1942-r0 \|\| =9.1.2132-r0 \|\| =9.2.0078-r0 \|\| =9.2.0140-r0 \|\| >=0 <9.2.0219-r0	9.2.0219-r0
debian 11	vim	=2:8.2.2434-3 \|\| =2:8.2.2434-3+deb11u1 \|\| =2:8.2.2434-3+deb11u2 \|\| =2:8.2.2434-3+deb11u3 \|\| =2:8.2.3455-1 \|\| =2:8.2.3455-2 \|\| =2:8.2.3565-1 \|\| =2:8.2.3995-1 \|\| =2:8.2.4659-1 \|\| =2:8.2.4793-1 \|\| =2:9.0.0135-1 \|\| =2:9.0.0229-1 \|\| =2:9.0.0242-1 \|\| =2:9.0.0626-1 \|\| =2:9.0.0813-1 \|\| =2:9.0.1000-1 \|\| =2:9.0.1000-2 \|\| =2:9.0.1000-3 \|\| =2:9.0.1000-4 \|\| =2:9.0.1378-1 \|\| =2:9.0.1378-2 \|\| =2:9.0.1658-1 \|\| =2:9.0.1672-1 \|\| =2:9.0.1894-1 \|\| =2:9.0.2018-1 \|\| =2:9.0.2087-1 \|\| =2:9.0.2103-1 \|\| =2:9.0.2116-1 \|\| =2:9.0.2189-1 \|\| =2:9.1.0-1 \|\| =2:9.1.0016-1 \|\| =2:9.1.0199-1 \|\| =2:9.1.0374-1 \|\| =2:9.1.0377-1 \|\| =2:9.1.0496-1 \|\| =2:9.1.0698-1 \|\| =2:9.1.0709-1 \|\| =2:9.1.0709-2 \|\| =2:9.1.0777-1 \|\| =2:9.1.0861-1 \|\| =2:9.1.0967-1 \|\| =2:9.1.0967-2 \|\| =2:9.1.1113-1 \|\| =2:9.1.1230-1 \|\| =2:9.1.1230-2 \|\| =2:9.1.1385-1 \|\| =2:9.1.1766-1 \|\| =2:9.1.1829-1 \|\| =2:9.1.1846-1 \|\| =2:9.1.1882-1 \|\| =2:9.1.2103-1 \|\| =2:9.1.2141-1 \|\| =2:9.2.0119-1 \|\| =2:9.2.0136-1 \|\| =2:9.2.0218-1	-
debian 12	vim	=2:9.0.1378-2 \|\| =2:9.0.1378-2+deb12u1 \|\| =2:9.0.1378-2+deb12u2 \|\| =2:9.0.1658-1 \|\| =2:9.0.1672-1 \|\| =2:9.0.1894-1 \|\| =2:9.0.2018-1 \|\| =2:9.0.2087-1 \|\| =2:9.0.2103-1 \|\| =2:9.0.2116-1 \|\| =2:9.0.2189-1 \|\| =2:9.1.0-1 \|\| =2:9.1.0016-1 \|\| =2:9.1.0199-1 \|\| =2:9.1.0374-1 \|\| =2:9.1.0377-1 \|\| =2:9.1.0496-1 \|\| =2:9.1.0698-1 \|\| =2:9.1.0709-1 \|\| =2:9.1.0709-2 \|\| =2:9.1.0777-1 \|\| =2:9.1.0861-1 \|\| =2:9.1.0967-1 \|\| =2:9.1.0967-2 \|\| =2:9.1.1113-1 \|\| =2:9.1.1230-1 \|\| =2:9.1.1230-2 \|\| =2:9.1.1385-1 \|\| =2:9.1.1766-1 \|\| =2:9.1.1829-1 \|\| =2:9.1.1846-1 \|\| =2:9.1.1882-1 \|\| =2:9.1.2103-1 \|\| =2:9.1.2141-1 \|\| =2:9.2.0119-1 \|\| =2:9.2.0136-1 \|\| =2:9.2.0218-1	-
debian 13	vim	=2:9.1.1230-2 \|\| =2:9.1.1385-1 \|\| =2:9.1.1766-1 \|\| =2:9.1.1829-1 \|\| =2:9.1.1846-1 \|\| =2:9.1.1882-1 \|\| =2:9.1.2103-1 \|\| =2:9.1.2141-1 \|\| =2:9.2.0119-1 \|\| =2:9.2.0136-1 \|\| =2:9.2.0218-1	-
debian 14	vim	=2:9.1.1230-2 \|\| =2:9.1.1385-1 \|\| =2:9.1.1766-1 \|\| =2:9.1.1829-1 \|\| =2:9.1.1846-1 \|\| =2:9.1.1882-1 \|\| =2:9.1.2103-1 \|\| =2:9.1.2141-1 \|\| =2:9.2.0119-1 \|\| =2:9.2.0136-1 \|\| =2:9.2.0218-1	-
rpm rhel6	vim	-	-
rpm rhel7	vim	-	-
rpm rhel8	vim	-	-
rpm rhel9	vim	-	-

Aliases

1. CVE-2026-334122. NVD-2026-334123. OSV-2026-334124. OSV-ALPINE-2026-334125. OSV-DEBIAN-2026-334126. SECURITY-CVE-2026-334127. SECURITY-TRACKER-CVE-2026-33412