CVE-2026-28417 on CTRL-OS 24.05

Packages: vim, vim-full

Status: In Progress

CVE Information

Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the scp:// protocol handler), an attacker can execute arbitrary shell commands with the privileges of the Vim process. Version 9.2.0073 fixes the issue.

Updates

2026-03-27 23:52 CET

Metadata changes:

  • Status for package vim: “In Progress”
  • Status for package vim-full: “In Progress”

2026-03-27 23:39 CET

Metadata changes:

  • Status: In Progress

(Amended on: 2026-03-27 23:51 CET)

2026-03-27 22:53 CET

Metadata changes:

  • Status: New