Lucene search
K

EulerOS 2.0 SP12 : vim (EulerOS-SA-2026-2636)

🗓️ 10 Jul 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 2 Views

Vim on EulerOS 2.0 SP12 has multiple pre‑9.2 vulnerabilities enabling command execution and file writes; update to fixed versions.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2026-28422
27 Feb 202622:08
attackerkb
ATTACKERKB
CVE-2026-34982
6 Apr 202615:16
attackerkb
ATTACKERKB
CVE-2026-33412
24 Mar 202619:43
attackerkb
ATTACKERKB
CVE-2026-28420
27 Feb 202622:04
attackerkb
ATTACKERKB
CVE-2026-35177
6 Apr 202617:54
attackerkb
ATTACKERKB
CVE-2026-42307
8 May 202622:38
attackerkb
ATTACKERKB
CVE-2026-28418
27 Feb 202621:58
attackerkb
ATTACKERKB
CVE-2026-46483
15 May 202614:57
attackerkb
ATTACKERKB
CVE-2026-41411
24 Apr 202616:51
attackerkb
ATTACKERKB
CVE-2026-44656
8 May 202622:40
attackerkb
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(326195);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/07/10");

  script_cve_id(
    "CVE-2026-28418",
    "CVE-2026-28420",
    "CVE-2026-28422",
    "CVE-2026-33412",
    "CVE-2026-34982",
    "CVE-2026-35177",
    "CVE-2026-39881",
    "CVE-2026-41411",
    "CVE-2026-42307",
    "CVE-2026-44656",
    "CVE-2026-46483"
  );

  script_name(english:"EulerOS 2.0 SP12 : vim (EulerOS-SA-2026-2636)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the
following vulnerabilities :

    Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability
    exists in tar#Vimuntar() in
    runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds
    :!gunzip and :!gzip -d commands using shellescape(tartail) without the {special} flag, allowing a crafted
    archive filename to trigger Vim cmdline-special expansion and execute shell commands in the user's
    context. This vulnerability is fixed in 9.2.0479.(CVE-2026-46483)

    Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability
    exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed
    through wildcard expansion to resolve environment variables and wildcards. If the filename field contains
    backtick syntax (e.g., `command`), Vim executes the embedded command via the system shell with the full
    privileges of the running user.(CVE-2026-41411)

    Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's
    zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives,
    circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in
    9.2.0280.(CVE-2026-35177)

    Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs
    in `build_stl_str_hl()` when rendering a statusline with a multi-byte fill character on a very wide
    terminal. Version 9.2.0078 patches the issue.(CVE-2026-28422)

    Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in
    Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`,
    `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be
    executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused
    from sandboxed expressions. Commit 9.2.0276 fixes the issue.(CVE-2026-34982)

    Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow
    out-of-bounds read exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags
    file, Vim can be tricked into reading up to 7 bytes beyond the allocated memory boundary. Version 9.2.0074
    fixes the issue.(CVE-2026-28418)

    Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in
    Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim
    connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol messages. This
    vulnerability is fixed in 9.2.0316.(CVE-2026-39881)

    Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection
    vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-
    enclosed shell commands, those commands are executed during file name completion. Because the path option
    lacks the P_SECURE flag, it can be set from a modeline, allowing an attacker who controls the contents of
    a file to execute arbitrary shell commands when the user opens that file in Vim and triggers :find
    completion. This issue has been patched in version 9.2.0435.(CVE-2026-44656)

    Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection
    vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted
    URL (e.g., using the sftp:// or file:// protocol handlers), an attacker can execute arbitrary shell
    commands with the privileges of the Vim process. This issue has been patched in version
    9.2.0383.(CVE-2026-42307)

    Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection
    vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n)
    in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This
    vulnerability depends on the user's 'shell' setting. This issue has been patched in version
    9.2.0202.(CVE-2026-33412)

    Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow
    WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining
    characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue.(CVE-2026-28420)

Tenable has extracted the preceding description block directly from the EulerOS vim security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2026-2636
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5f6acbc5");
  script_set_attribute(attribute:"solution", value:
"Update the affected vim packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-39881");
  script_set_attribute(attribute:"cvss4_score_source", value:"CVE-2026-44656");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/02/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/07/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/07/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-enhanced");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-filesystem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-minimal");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (_release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP12");

var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(12)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP12");

if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP12", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

var flag = 0;

var pkgs = [
  "vim-common-9.0-5.h31.eulerosv2r12",
  "vim-enhanced-9.0-5.h31.eulerosv2r12",
  "vim-filesystem-9.0-5.h31.eulerosv2r12",
  "vim-minimal-9.0-5.h31.eulerosv2r12"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"12", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vim");
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

10 Jul 2026 00:00Current
7.3High risk
Vulners AI Score7.3
CVSS 3.17.8 - 8.2
CVSS 44.6
EPSS0.00917
SSVC
2