Ubuntu 26.04 LTS Vim Critical Code Execution Threat USN-8246-1
ubuntu
May 7, 2026
Several security issues were fixed in Vim.
Summary
Several security issues were fixed in Vim.
Software Description:
- vim: Vi IMproved - enhanced vi editor
Details:
Micha\u0142 Majchrowicz discovered that Vim\u2019s zip plugin could overwrite
arbitrary files. An attacker could possibly use this issue to delete
sensitive data or execute arbitrary code. This issue only affected
Ubuntu 26.04 LTS. (CVE-2026-35177)
It was discovered that Vim\u2019s netbeans interface did not properly
sanitize certain strings. An attacker could possibly use this issue to
execute arbitrary commands. This issue only affected Ubuntu 26.04 LTS.
(CVE-2026-39881)
It was discovered that Vim did not properly handle backticks in tag
filenames. An attacker could possibly use this issue to execute arbitrary
commands. (CVE-2026-41411)
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS vim 2:9.1.2141-1ubuntu4.1 vim-common 2:9.1.2141-1ubuntu4.1 vim-doc 2:9.1.2141-1ubuntu4.1 vim-gtk3 2:9.1.2141-1ubuntu4.1 vim-gui-common 2:9.1.2141-1ubuntu4.1 vim-motif 2:9.1.2141-1ubuntu4.1 vim-nox 2:9.1.2141-1ubuntu4.1 vim-runtime 2:9.1.2141-1ubuntu4.1 vim-tiny 2:9.1.2141-1ubuntu4.1 xxd 2:9.1.2141-1ubuntu4.1 Ubuntu 25.10 vim 2:9.1.0967-1ubuntu6.4 vim-athena 2:9.1.0967-1ubuntu6.4 vim-common 2:9.1.0967-1ubuntu6.4 vim-doc 2:9.1.0967-1ubuntu6.4 vim-gtk3 2:9.1.0967-1ubuntu6.4 vim-gui-common 2:9.1.0967-1ubuntu6.4 vim-motif 2:9.1.0967-1ubuntu6.4 vim-nox 2:9.1.0967-1ubuntu6.4 vim-runtime 2:9.1.0967-1ubuntu6.4 vim-tiny 2:9.1.0967-1ubuntu6.4 xxd 2:9.1.0967-1ubuntu6.4 Ubuntu 24.04 LTS vim 2:9.1.0016-1ubuntu7.13 vim-athena 2:9.1.0016-1ubuntu7.13 vim-common 2:9.1.0016-1ubuntu7.13 vim-doc 2:9.1.0016-1ubuntu7.13 vim-gtk3 2:9.1.0016-1ubuntu7.13 vim-gui-common 2:9.1.0016-1ubuntu7.13 vim-motif 2:9.1.0016-1ubuntu7.13 vim-nox 2:9.1.0016-1ubuntu7.13 vim-runtime 2:9.1.0016-1ubuntu7.13 vim-tiny 2:9.1.0016-1ubuntu7.13 xxd 2:9.1.0016-1ubuntu7.13 Ubuntu 22.04 LTS vim 2:8.2.3995-1ubuntu2.29 vim-athena 2:8.2.3995-1ubuntu2.29 vim-common 2:8.2.3995-1ubuntu2.29 vim-doc 2:8.2.3995-1ubuntu2.29 vim-gtk 2:8.2.3995-1ubuntu2.29 vim-gtk3 2:8.2.3995-1ubuntu2.29 vim-gui-common 2:8.2.3995-1ubuntu2.29 vim-nox 2:8.2.3995-1ubuntu2.29 vim-runtime 2:8.2.3995-1ubuntu2.29 vim-tiny 2:8.2.3995-1ubuntu2.29 xxd 2:8.2.3995-1ubuntu2.29 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-8246-1
CVE-2026-35177, CVE-2026-39881, CVE-2026-41411
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-8246-1
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!