Lucene search
K

EulerOS 2.0 SP15 : vim (EulerOS-SA-2026-2472)

🗓️ 27 Jun 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 8 Views

Vim on EulerOS 2.0 SP15 has vulnerabilities enabling command execution and crashes.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2026-28422
27 Feb 202622:08
attackerkb
ATTACKERKB
CVE-2026-34982
6 Apr 202615:16
attackerkb
ATTACKERKB
CVE-2026-28417
27 Feb 202621:54
attackerkb
ATTACKERKB
CVE-2026-33412
24 Mar 202619:43
attackerkb
ATTACKERKB
CVE-2026-28421
27 Feb 202622:06
attackerkb
ATTACKERKB
CVE-2026-28420
27 Feb 202622:04
attackerkb
ATTACKERKB
CVE-2026-35177
6 Apr 202617:54
attackerkb
ATTACKERKB
CVE-2026-28418
27 Feb 202621:58
attackerkb
Tenable Nessus
Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2026-1539)
13 Apr 202600:00
nessus
Tenable Nessus
Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2026-1584)
13 Apr 202600:00
nessus
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(323217);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/27");

  script_cve_id(
    "CVE-2026-28417",
    "CVE-2026-28418",
    "CVE-2026-28420",
    "CVE-2026-28421",
    "CVE-2026-28422",
    "CVE-2026-33412",
    "CVE-2026-34982",
    "CVE-2026-35177",
    "CVE-2026-39881"
  );

  script_name(english:"EulerOS 2.0 SP15 : vim (EulerOS-SA-2026-2472)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the
following vulnerabilities :

    Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection
    vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n)
    in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This
    vulnerability depends on the user's 'shell' setting. This issue has been patched in version
    9.2.0202.(CVE-2026-33412)

    Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in
    Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim
    connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol messages. This
    vulnerability is fixed in 9.2.0316.(CVE-2026-39881)

    Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's
    zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives,
    circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in
    9.2.0280.(CVE-2026-35177)

    Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in
    Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`,
    `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be
    executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused
    from sandboxed expressions. Commit 9.2.0276 fixes the issue.(CVE-2026-34982)

    Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow
    and a segmentation fault (SEGV) exist in Vim's swap file recovery logic. Both are caused by unvalidated
    fields read from crafted pointer blocks within a swap file. Version 9.2.0077 fixes the
    issue.(CVE-2026-28421)

    Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs
    in `build_stl_str_hl()` when rendering a statusline with a multi-byte fill character on a very wide
    terminal. Version 9.2.0078 patches the issue.(CVE-2026-28422)

    Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow
    out-of-bounds read exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags
    file, Vim can be tricked into reading up to 7 bytes beyond the allocated memory boundary. Version 9.2.0074
    fixes the issue.(CVE-2026-28418)

    Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection
    vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted
    URL (e.g., using the `scp://` protocol handler), an attacker can execute arbitrary shell commands with the
    privileges of the Vim process. Version 9.2.0073 fixes the issue.(CVE-2026-28417)

    Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow
    WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining
    characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue.(CVE-2026-28420)

Tenable has extracted the preceding description block directly from the EulerOS vim security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2026-2472
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?54340502");
  script_set_attribute(attribute:"solution", value:
"Update the affected vim packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-39881");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/02/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/06/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-enhanced");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-filesystem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-minimal");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (_release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP15");

var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(15)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP15");

if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP15", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "x86" >!< cpu) audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

var flag = 0;

var pkgs = [
  "vim-common-9.0.2092-16.h21510.17.eulerosv2r15",
  "vim-enhanced-9.0.2092-16.h21510.17.eulerosv2r15",
  "vim-filesystem-9.0.2092-16.h21510.17.eulerosv2r15",
  "vim-minimal-9.0.2092-16.h21510.17.eulerosv2r15"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"15", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vim");
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

27 Jun 2026 00:00Current
7.5High risk
Vulners AI Score7.5
CVSS 3.17.8 - 8.2
EPSS0.01162
SSVC
8