DEBIAN-CVE-2026-39881

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2026-39881
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-39881.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-39881
Upstream
  • CVE-2026-39881
Published
2026-04-08T21:17:00.400Z
Modified
2026-04-09T09:01:44.719928Z
Severity
  • 5.0 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:N CVSS Calculator
Summary
[none]
Details

Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol messages. This vulnerability is fixed in 9.2.0316.

References

Affected packages

Debian:11 / vim

Package

Name
vim
Purl
pkg:deb/debian/vim?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2:8.*
2:8.2.2434-3
2:8.2.2434-3+deb11u1
2:8.2.2434-3+deb11u2
2:8.2.2434-3+deb11u3
2:8.2.3455-1
2:8.2.3455-2
2:8.2.3565-1
2:8.2.3995-1
2:8.2.4659-1
2:8.2.4793-1
2:9.*
2:9.0.0135-1
2:9.0.0229-1
2:9.0.0242-1
2:9.0.0626-1
2:9.0.0813-1
2:9.0.1000-1
2:9.0.1000-2
2:9.0.1000-3
2:9.0.1000-4
2:9.0.1378-1
2:9.0.1378-2
2:9.0.1658-1
2:9.0.1672-1
2:9.0.1894-1
2:9.0.2018-1
2:9.0.2087-1
2:9.0.2103-1
2:9.0.2116-1
2:9.0.2189-1
2:9.1.0-1
2:9.1.0016-1
2:9.1.0199-1
2:9.1.0374-1
2:9.1.0377-1
2:9.1.0496-1
2:9.1.0698-1
2:9.1.0709-1
2:9.1.0709-2
2:9.1.0777-1
2:9.1.0861-1
2:9.1.0967-1
2:9.1.0967-2
2:9.1.1113-1
2:9.1.1230-1
2:9.1.1230-2
2:9.1.1385-1
2:9.1.1766-1
2:9.1.1829-1
2:9.1.1846-1
2:9.1.1882-1
2:9.1.2103-1
2:9.1.2141-1
2:9.2.0119-1
2:9.2.0136-1
2:9.2.0218-1
2:9.2.0315-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-39881.json"

Debian:12 / vim

Package

Name
vim
Purl
pkg:deb/debian/vim?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2:9.*
2:9.0.1378-2
2:9.0.1378-2+deb12u1
2:9.0.1378-2+deb12u2
2:9.0.1658-1
2:9.0.1672-1
2:9.0.1894-1
2:9.0.2018-1
2:9.0.2087-1
2:9.0.2103-1
2:9.0.2116-1
2:9.0.2189-1
2:9.1.0-1
2:9.1.0016-1
2:9.1.0199-1
2:9.1.0374-1
2:9.1.0377-1
2:9.1.0496-1
2:9.1.0698-1
2:9.1.0709-1
2:9.1.0709-2
2:9.1.0777-1
2:9.1.0861-1
2:9.1.0967-1
2:9.1.0967-2
2:9.1.1113-1
2:9.1.1230-1
2:9.1.1230-2
2:9.1.1385-1
2:9.1.1766-1
2:9.1.1829-1
2:9.1.1846-1
2:9.1.1882-1
2:9.1.2103-1
2:9.1.2141-1
2:9.2.0119-1
2:9.2.0136-1
2:9.2.0218-1
2:9.2.0315-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-39881.json"

Debian:13 / vim

Package

Name
vim
Purl
pkg:deb/debian/vim?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2:9.*
2:9.1.1230-2
2:9.1.1385-1
2:9.1.1766-1
2:9.1.1829-1
2:9.1.1846-1
2:9.1.1882-1
2:9.1.2103-1
2:9.1.2141-1
2:9.2.0119-1
2:9.2.0136-1
2:9.2.0218-1
2:9.2.0315-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-39881.json"

Debian:14 / vim

Package

Name
vim
Purl
pkg:deb/debian/vim?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2:9.*
2:9.1.1230-2
2:9.1.1385-1
2:9.1.1766-1
2:9.1.1829-1
2:9.1.1846-1
2:9.1.1882-1
2:9.1.2103-1
2:9.1.2141-1
2:9.2.0119-1
2:9.2.0136-1
2:9.2.0218-1
2:9.2.0315-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-39881.json"