Vim: OS Command Injection via 'path' completion

...

MGASA-2026-0123 Updated vim packages fix security vulnerabilities

Ex command injection in Vims NetBeans integration. CVE-2026-39881 Command injection via backtick expansion in tag filenames in Vim v9.2.0357. CVE-2026-41411 OS Command Injection in netrw affects Vim 9.2.0383. CVE-2026-42307 OS Command Injection via 'path' completion affects Vim 9.2.0435...

CVE-2026-44656 Vim: OS Command Injection via 'path' completion

Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name completion. Because the pat...

GNU Bash code execution vulnerability in path completion(CVE-2017-5932)

1 Introduction GNU Bash from version 4.4 contains two bugs in its path completion feature leading to a code execution vulnerability. An exploit can be realized by creating a file or directory with a specially crafted name. A user utilizing GNU Bash's built-in path completion by hitting the Tab...

GNU / Bash v4.4 autocompletion Code Execution Vulnerability

Exploit for linux platform in category local exploits GNU Bash code execution vulnerability in path completion Jens Heyens, Ben Stock January 2017 1 Introduction GNU Bash from version 4.4 contains two bugs in its path completion feature leading to a code execution vulnerability. An exploit can be...