Security Advisory

CVE-2026-39881

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-08 20:18:19
Last updated 2026-04-09 13:50:24
Assigner GitHub_M
State PUBLISHED

Description

Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vims netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol messages. This vulnerability is fixed in 9.2.0316.