Updated vim packages fix security vulnerabilities
Publication date: 09 May 2026
Modification date: 09 May 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-39881, CVE-2026-41411, CVE-2026-42307
Description
Ex command injection in Vim's NetBeans integration. (CVE-2026-39881)
Command injection via backtick expansion in tag filenames in Vim < v9.2.0357. (CVE-2026-41411)
OS Command Injection in netrw affects Vim < 9.2.0383. (CVE-2026-42307)
OS Command Injection via 'path' completion affects Vim < 9.2.0435.
References
- https://bugs.mageia.org/show_bug.cgi?id=35332
- https://www.openwall.com/lists/oss-security/2026/04/07/13
- https://github.com/vim/vim/security/advisories/GHSA-mr87-rhgv-7pw6
- https://www.openwall.com/lists/oss-security/2026/04/15/7
- https://github.com/vim/vim/security/advisories/GHSA-cwgx-gcj7-6qh8
- https://www.openwall.com/lists/oss-security/2026/04/22/8
- https://github.com/vim/vim/security/advisories/GHSA-85ch-p2qr-m5gx
- https://www.openwall.com/lists/oss-security/2026/05/03/11
- https://github.com/vim/vim/security/advisories/GHSA-hwg5-3cxw-wvvg
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39881
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41411
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42307
SRPMS
9/core
- vim-9.2.437-1.mga9