Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

Mageia 9 vim Essential OS Command Execution Patch MGASA-2026-0124

mageia
Calendar Grey May 9, 2026
Dist Mageia Esm H88
Updated vim packages fix multiple security issues including command injection vulnerabilities in Mageia 9.
MGASA-2026-0123 - Updated vim packages fix security vulnerabilities

Summary

Description: Ex command injection in Vims NetBeans integration. (CVE-2026-39881) Command injection via backtick expansion in tag filenames in Vim < v9.2.0357. (CVE-2026-41411) OS Command Injection in netrw affects Vim < 9.2.0383. (CVE-2026-42307) OS Command Injection via 'path' completion affects Vim < 9.2.0435.

References

- https://bugs.mageia.org/show_bug.cgi?id=35332

- https://www.openwall.com/lists/oss-security/2026/04/07/13

- https://github.com/vim/vim/security/advisories/GHSA-mr87-rhgv-7pw6

- https://www.openwall.com/lists/oss-security/2026/04/15/7

- https://github.com/vim/vim/security/advisories/GHSA-cwgx-gcj7-6qh8

- https://www.openwall.com/lists/oss-security/2026/04/22/8

- https://github.com/vim/vim/security/advisories/GHSA-85ch-p2qr-m5gx

- https://www.openwall.com/lists/oss-security/2026/05/03/11

- https://github.com/vim/vim/security/advisories/GHSA-hwg5-3cxw-wvvg

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39881

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41411

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42307

Resolution

SRPMS

- 9/core/vim-9.2.437-1.mga9

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 09 May 2026
URL: https://advisories.mageia.org/MGASA-2026-0123.html
Type: security
CVE: CVE-2026-39881, CVE-2026-41411, CVE-2026-42307

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here