Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

SUSE 2026 1764-1 Moderate Risk of Vim Command Injection Vulnerability

suse
Calendar Grey May 8, 2026
Dist Suse Esm H88
SUSE updates vim to address command injection security risk with moderate severity. Install the latest update now.
An update that solves one vulnerability can now be installed.

Summary

## This update for vim fixes the following issue: Security fixes: * CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and writes (bsc#1261833). Other fixes: * Update to 9.2.0398. * 9.2.0398: MS-Windows: missing strptime() support * 9.2.0397: tabpanel: double-click opens a new tab * 9.2.0396: tests: Test_error_callback_terminal is flaky on macOS * 9.2.0395: tests: Test_backupskip() may read from $HOME * 9.2.0394: xxd: offsets greater than LONG_MAX print as negative * 9.2.0393: MS-Windows: link error with XPM support on UCRT64 * 9.2.0392: tests: Some tests are flaky * 9.2.0391: tests: Comment in test_vim9_cmd breaks syntax highlighting * 9.2.0390: filetype: some Beancount files are not recognized * 9.2.0389: DECRQM still leaves stray "pp" on Apple Terminal.app

References

* bsc#1261833

Cross-

* CVE-2026-39881

CVSS scores:

* CVE-2026-39881 ( SUSE ): 5.3

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

* CVE-2026-39881 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

* CVE-2026-39881 ( NVD ): 5.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:N

* CVE-2026-39881 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 12 SP5

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security

* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

##

* https://www.suse.com/security/cve/CVE-2026-39881.html

* https://bugzilla.suse.com/show_bug.cgi?id=1261833

Announcement ID: SUSE-SU-2026:1764-1
Release Date: 2026-05-08T10:39:49Z
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here