Netbeans Command Injection in Vim

56% confidence

Description

A command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol messages.

Affected Products

Vendor	Product	Versions
vim	—	< 9.2.0316

Related News (1 articles)

Tier C

oss-security2h ago

[vim-security] Netbeans command injection in Vim < v9.2.0316

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

Patch available

9.2.0316

CWECWE-78

PublishedApr 7, 2026

Last enriched2h ago

Trending Score23

Source articles1

Independent1

Info Completeness6/14

Missing: cve_id, product, cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-35177EXP

Path traversal issue with zip.vim in Vim

Trending: 43

HIGHCVE-2026-34982

Vim modeline bypass via various options affects Vim < 9.2.0276

Trending: 42

CRITICALCVE-2026-34714EXP

CVE-2026-34714: Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configurat

Trending: 38

MEDIUMCVE-2026-33412

Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n

Trending: 37

MEDIUMCVE-2026-26269

Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans integration when processing the specialKeys command, affecting Vim bu

Trending: 11

Pin to Dashboard

Verification

State: reported

Confidence: 56%

Vulnerability Timeline

CVE Published

Apr 7, 2026

Patch Available

Apr 7, 2026

Discovered by ZDM

Apr 7, 2026