CVE-2026-39881

Publication date

2026-04-08 20:18:19

Family

GitHub_M

State

PUBLISHED

Description

Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vims netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol messages. This vulnerability is fixed in 9.2.0316.