Security News

Cybersecurity news aggregator

πŸ”“
HIGH Vulnerabilities Ubuntu Security

USN-8213-1: Vim vulnerabilities

cve-2026-35177cve-2026-39881vim
Two vulnerabilities in Vim require patching: CVE-2026-35177 (CVSS 4.1) in the zip plugin allows arbitrary file overwrite leading to data deletion or code execution, and CVE-2026-39881 (CVSS 5.0) in the netbeans interface allows command execution via improper string sanitization. According to NVD data, Vim versions prior to 9.2.0280 are affected by CVE-2026-35177, and versions prior to 9.2.0316 are affected by CVE-2026-39881. Administrators should upgrade their systems to the specific Vim package versions listed in the Ubuntu security notice for their respective release.
Read Full Article →

Ubuntu Security Notices USN-8213-1 USN-8213-1: Vim vulnerabilities Publication date 27 April 2026 Overview Several security issues were fixed in Vim. Releases 25.10 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS 14.04 LTS Open side navigation Close side navigation Packages Details Update instructions References Packages vim - Vi IMproved - enhanced vi editor Details MichaΕ‚ Majchrowicz discovered that Vim's zip plugin could overwrite arbitrary files. An attacker could possibly use this issue to delete sensitive data or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10. ( CVE-2026-35177 ) It was discovered that Vim's netbeans interface did not properly sanitize certain strings. An attacker could possibly use this issue to execute arbitrary commands. ( CVE-2026-39881 ) MichaΕ‚ Majchrowicz discovered that Vim's zip plugin could overwrite arbitrary files. An attacker could possibly use this issue to delete sensitive data or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10. ( CVE-2026-35177 ) It was discovered that Vim's netbeans interface did not properly sanitize certain strings. An attacker could possibly use this issue to execute arbitrary commands. ( CVE-2026-39881 ) Update instructions In general, a standard system update will make all the necessary changes. Learn more about how to get the fixes. The problem can be corrected by updating your system to the following package versions: Ubuntu Release Package Version 25.10 questing vim – 2:9.1.0967-1ubuntu6.3 vim-athena – 2:9.1.0967-1ubuntu6.3 vim-common – 2:9.1.0967-1ubuntu6.3 vim-gtk3 – 2:9.1.0967-1ubuntu6.3 vim-gui-common – 2:9.1.0967-1ubuntu6.3 vim-motif – 2:9.1.0967-1ubuntu6.3 vim-nox – 2:9.1.0967-1ubuntu6.3 vim-runtime – 2:9.1.0967-1ubuntu6.3 vim-tiny – 2:9.1.0967-1ubuntu6.3 24.04 LTS noble vim – 2:9.1.0016-1ubuntu7.12 vim-athena – 2:9.1.0016-1ubuntu7.12 vim-common – 2:9.1.0016-1ubuntu7.12 vim-gtk3 – 2:9.1.0016-1ubuntu7.12 vim-gui-common – 2:9.1.0016-1ubuntu7.12 vim-motif – 2:9.1.0016-1ubuntu7.12 vim-nox – 2:9.1.0016-1ubuntu7.12 vim-runtime – 2:9.1.0016-1ubuntu7.12 vim-tiny – 2:9.1.0016-1ubuntu7.12 22.04 LTS jammy vim – 2:8.2.3995-1ubuntu2.28 vim-athena – 2:8.2.3995-1ubuntu2.28 vim-common – 2:8.2.3995-1ubuntu2.28 vim-gtk – 2:8.2.3995-1ubuntu2.28 vim-gtk3 – 2:8.2.3995-1ubuntu2.28 vim-gui-common – 2:8.2.3995-1ubuntu2.28 vim-nox – 2:8.2.3995-1ubuntu2.28 vim-runtime – 2:8.2.3995-1ubuntu2.28 vim-tiny – 2:8.2.3995-1ubuntu2.28 20.04 LTS focal vim – 2:8.1.2269-1ubuntu5.32+esm4 Ubuntu Pro Fix available with Ubuntu Pro . vim-athena – 2:8.1.2269-1ubuntu5.32+esm4 Ubuntu Pro Fix available with Ubuntu Pro . vim-common – 2:8.1.2269-1ubuntu5.32+esm4 Ubuntu Pro Fix available with Ubuntu Pro . vim-gtk – 2:8.1.2269-1ubuntu5.32+esm4 Ubuntu Pro Fix available with Ubuntu Pro . vim-gtk3 – 2:8.1.2269-1ubuntu5.32+esm4 Ubuntu Pro Fix available with Ubuntu Pro . vim-gui-common – 2:8.1.2269-1ubuntu5.32+esm4 Ubuntu Pro Fix available with Ubuntu Pro . vim-nox – 2:8.1.2269-1ubuntu5.32+esm4 Ubuntu Pro Fix available with Ubuntu Pro . vim-runtime – 2:8.1.2269-1ubuntu5.32+esm4 Ubuntu Pro Fix available with Ubuntu Pro . vim-tiny – 2:8.1.2269-1ubuntu5.32+esm4 Ubuntu Pro Fix available with Ubuntu Pro . 18.04 LTS bionic vim – 2:8.0.1453-1ubuntu1.13+esm16 Ubuntu Pro Fix available with Ubuntu Pro . vim-athena – 2:8.0.1453-1ubuntu1.13+esm16 Ubuntu Pro Fix available with Ubuntu Pro . vim-common – 2:8.0.1453-1ubuntu1.13+esm16 Ubuntu Pro Fix available with Ubuntu Pro . vim-gnome – 2:8.0.1453-1ubuntu1.13+esm16 Ubuntu Pro Fix available with Ubuntu Pro . vim-gtk – 2:8.0.1453-1ubuntu1.13+esm16 Ubuntu Pro Fix available with Ubuntu Pro . vim-gtk3 – 2:8.0.1453-1ubuntu1.13+esm16 Ubuntu Pro Fix available with Ubuntu Pro . vim-gui-common – 2:8.0.1453-1ubuntu1.13+esm16 Ubuntu Pro Fix available with Ubuntu Pro . vim-nox – 2:8.0.1453-1ubuntu1.13+esm16 Ubuntu Pro Fix available with Ubuntu Pro . vim-runtime – 2:8.0.1453-1ubuntu1.13+esm16 Ubuntu Pro Fix available with Ubuntu Pro . vim-tiny – 2:8.0.1453-1ubuntu1.13+esm16 Ubuntu Pro Fix available with Ubuntu Pro . 16.04 LTS xenial vim – 2:7.4.1689-3ubuntu1.5+esm31 Ubuntu Pro Fix available with Ubuntu Pro . vim-athena – 2:7.4.1689-3ubuntu1.5+esm31 Ubuntu Pro Fix available with Ubuntu Pro . vim-athena-py2 – 2:7.4.1689-3ubuntu1.5+esm31 Ubuntu Pro Fix available with Ubuntu Pro . vim-common – 2:7.4.1689-3ubuntu1.5+esm31 Ubuntu Pro Fix available with Ubuntu Pro . vim-gnome – 2:7.4.1689-3ubuntu1.5+esm31 Ubuntu Pro Fix available with Ubuntu Pro . vim-gnome-py2 – 2:7.4.1689-3ubuntu1.5+esm31 Ubuntu Pro Fix available with Ubuntu Pro . vim-gtk – 2:7.4.1689-3ubuntu1.5+esm31 Ubuntu Pro Fix available with Ubuntu Pro . vim-gtk-py2 – 2:7.4.1689-3ubuntu1.5+esm31 Ubuntu Pro Fix available with Ubuntu Pro . vim-gtk3 – 2:7.4.1689-3ubuntu1.5+esm31 Ubuntu Pro Fix available with Ubuntu Pro . vim-gtk3-py2 – 2:7.4.1689-3ubuntu1.5+esm31 Ubuntu Pro Fix available with Ubuntu Pro . vim-gui-common – 2:7.4.1689-3ubuntu1.5+esm31 Ubuntu Pro Fix available with Ubuntu Pro . vim-nox – 2:7.4.1689-3ubuntu1.5+esm31 Ubuntu Pro Fix available with Ubuntu Pro . vim-nox-py2 – 2:7.4.1689-3ubuntu1.5+esm31 Ubuntu Pro Fix available with Ubuntu Pro . vim-runtime – 2:7.4.1689-3ubuntu1.5+esm31 Ubuntu Pro Fix available with Ubuntu Pro . vim-tiny – 2:7.4.1689-3ubuntu1.5+esm31 Ubuntu Pro Fix available with Ubuntu Pro . 14.04 LTS trusty vim – 2:7.4.052-1ubuntu3.1+esm25 Ubuntu Pro Fix available with Ubuntu Pro via Legacy Support add-on. vim-athena – 2:7.4.052-1ubuntu3.1+esm25 Ubuntu Pro Fix available with Ubuntu Pro via Legacy Support add-on. vim-common – 2:7.4.052-1ubuntu3.1+esm25 Ubuntu Pro Fix available with Ubuntu Pro via Legacy Support add-on. vim-gnome – 2:7.4.052-1ubuntu3.1+esm25 Ubuntu Pro Fix available with Ubuntu Pro via Legacy Support add-on. vim-gtk – 2:7.4.052-1ubuntu3.1+esm25 Ubuntu Pro Fix available with Ubuntu Pro via Legacy Support add-on. vim-gui-common – 2:7.4.052-1ubuntu3.1+esm25 Ubuntu Pro Fix available with Ubuntu Pro via Legacy Support add-on. vim-lesstif – 2:7.4.052-1ubuntu3.1+esm25 Ubuntu Pro Fix available with Ubuntu Pro via Legacy Support add-on. vim-nox – 2:7.4.052-1ubuntu3.1+esm25 Ubuntu Pro Fix available with Ubuntu Pro via Legacy Support add-on. vim-runtime – 2:7.4.052-1ubuntu3.1+esm25 Ubuntu Pro Fix available with Ubuntu Pro via Legacy Support add-on. vim-tiny – 2:7.4.052-1ubuntu3.1+esm25 Ubuntu Pro Fix available with Ubuntu Pro via Legacy Support add-on. Reduce your security exposure Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines. Get Ubuntu Pro References CVE-2026-39881 CVE-2026-35177 CVE-2026-39881 CVE-2026-35177

Related Articles

INFO USN-8246-1: Vim vulnerabilities Ubuntu Security HIGH CVE-2026-35177 Path traversal issue with zip.vim in Vim Microsoft Security Response Center
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn