{
  "threat_severity" : "Moderate",
  "public_date" : "2026-05-08T22:38:53Z",
  "bugzilla" : {
    "description" : "Vim: Arbitrary code execution via OS command injection in netrw plugin",
    "id" : "2468403",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2468403"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
    "status" : "draft"
  },
  "cwe" : "CWE-78",
  "details" : [ "Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the sftp:// or file:// protocol handlers), an attacker can execute arbitrary shell commands with the privileges of the Vim process. This issue has been patched in version 9.2.0383.", "A flaw was found in Vim’s netrw plugin. Improper sanitization of specially crafted filenames or URLs could allow shell metacharacters to be included in temporary filenames passed to external commands. A local attacker could exploit this issue to trigger unintended shell command execution when a user opens malicious content using affected netrw functionality." ],
  "statement" : "This vulnerability affects Vim’s netrw plugin URL and file handling functionality. Red Hat Product Security has assessed this issue as a Moderate severity vulnerability.\nA local attacker may craft malicious filenames or URLs containing shell metacharacters that trigger unintended shell command execution when opened by a victim using affected netrw functionality in Vim. Successful exploitation requires user interaction because the victim must open attacker-controlled content.\nRed Hat therefore assessed the Confidentiality and Integrity impacts as Low (C:L/I:L), with no direct Availability impact (A:N).",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "vim",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Fix deferred",
    "package_name" : "vim",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "vim",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "vim",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "vim",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Fix deferred",
    "package_name" : "rhcos",
    "cpe" : "cpe:/a:redhat:openshift:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-42307\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-42307\nhttps://github.com/vim/vim/commit/405e2fb6d54d5653523809e2853d99d1c000a5fc\nhttps://github.com/vim/vim/releases/tag/v9.2.0383\nhttps://github.com/vim/vim/security/advisories/GHSA-85ch-p2qr-m5gx" ],
  "name" : "CVE-2026-42307",
  "mitigation" : {
    "value" : "Red Hat is not aware of a practical temporary workaround that fully mitigates this issue or meets Red Hat Product Security's standards for usability, deployment, applicability, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}