Old Vim versions let hackers control your files through a connected server
DEBIAN-CVE-2026-39881
Summary
In older versions of Vim, a hacker who controls the netbeans server that Vim connects to could access and manipulate your files. This is fixed in Vim version 9.2.0316, so update to the latest version to stay safe. If you can't update, consider using a different text editor or limiting access to your server.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| debian | vim | All versions | – |
Original title
Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands...
Original description
Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol messages. This vulnerability is fixed in 9.2.0316.
- https://security-tracker.debian.org/tracker/CVE-2026-39881 Vendor Advisory
Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 9 Apr 2026