CVE-2026-28417

Severity: MEDIUM · Lab available

Vim < 9.2.0073 - OS Command Injection via netrw Plugin SCP URL Handler


Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-28417. PoCs published by exploitintel.

AI-analyzed exploit summary: This repository contains functional exploit code demonstrating OS command injection in Vim's netrw plugin via crafted URI hostnames. Multiple PoC scripts (semicolon, command substitution, SFTP, backtick) confirm the vulnerability.

Description

Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol handler), an attacker can execute arbitrary shell commands with the privileges of the Vim process. Version 9.2.0073 fixes the issue.

Exploits (1)

GitHub · Working PoC · 1 star
by exploitintel · Python PoC
https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2026-28417

Classification
Working PoC: 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Vim netrw plugin < v9.2.0073
Authentication: none needed
Prerequisites: Vim with netrw plugin loaded · openssh-client installed · user interaction to open crafted URI
Analyzed by devstral-2 on Mar 02, 2026

Scores

CVSS v3: 4.4
EPSS: 0.0116
EPSS Percentile: 63.0%
Attack Vector: LOCAL
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CISA SSVC (Vulnrichment)

Exploitation: none
Automatable: no
Technical Impact: total

Lab Environment

EIP Lab
Vulnerable image: `docker pull ghcr.io/exploitintel/cve-2026-28417-vulnerable:latest`

Details

CWE: CWE-78, CWE-86
Status: published
Products (1): vim/vim < 9.2.0073 (2 CPE variants)
Published: Feb 27, 2026
Tracked Since: Feb 28, 2026