2456722 – (CVE-2026-39881) CVE-2026-39881 vim: Vim: Arbitrary code execution via command injection in NetBeans interface

Bug 2456722 (CVE-2026-39881) - CVE-2026-39881 vim: Vim: Arbitrary code execution via command injection in NetBeans interface

Summary: CVE-2026-39881 vim: Vim: Arbitrary code execution via command injection in Ne...

Keywords:
Status:	NEW
Alias:	CVE-2026-39881
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2456806
Blocks:
TreeView+	depends on / blocked

Reported:	2026-04-08 21:02 UTC by OSIDB Bzimport
Modified:	2026-04-09 21:33 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-04-08 21:02:10 UTC

Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol messages. This vulnerability is fixed in 9.2.0316.

Note You need to log in before you can comment on or make changes to this bug.