CVE-2026-33412 on CTRL-OS 24.05

Packages: vim, vim-full

Status: In Progress

CVE Information

Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202.

Updates

2026-03-27 23:52 CET

Metadata changes:

Status for package vim: “In Progress”
Status for package vim-full: “In Progress”

2026-03-27 23:41 CET

Metadata changes:

Status: In Progress

(Amended on: 2026-03-27 23:52 CET)

2026-03-27 22:46 CET

Metadata changes:

Status: New