CVE-2026-33412

high

Red Hat

CVSS v3 Base Score

7.3

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Characteristics

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Confidentiality

High

Integrity

High

Availability

High

Published: March 24, 2026 (50 days ago)

Last Modified: March 24, 2026

Vendor: Red Hat

Source: REDHAT

Description

A flaw was found in Vim. By including a newline character in a pattern passed to Vim's glob() function, an attacker may be able to execute arbitrary shell commands. This command injection vulnerability allows for arbitrary code execution, depending on the user's shell settings.

CWE

CWE-78

Affected Products

Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat OpenShift Container Platform 4

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 github.com 🔗 github.com

CVE-2026-33412

Vulnerability Report

Description

CWE

Affected Products

References