VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-478j-4r8u-7yfx

Essentials
Severities (9)
References (40)
Severity details (8)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-478j-4r8u-7yfx
Aliases	CVE-2026-33412
Summary
Status	Published
Exploitability	0.5
Weighted Severity	6.6
Risk	3.3
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

System	Score	Found at
cvssv3	7.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33412.json
epss	0.00011	https://api.first.org/data/v1/epss?cve=CVE-2026-33412
cvssv3.1	5.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	5.6	https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a
ssvc	Track	https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a
cvssv3.1	5.6	https://github.com/vim/vim/releases/tag/v9.2.0202
ssvc	Track	https://github.com/vim/vim/releases/tag/v9.2.0202
cvssv3.1	5.6	https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c
ssvc	Track	https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33412.json
		https://api.first.org/data/v1/epss?cve=CVE-2026-33412
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33412
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1131450		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131450
2450907		https://bugzilla.redhat.com/show_bug.cgi?id=2450907
645ed6597d1ea896c712cd7ddbb6edee79577e9a		https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a
GHSA-w5jw-f54h-x46c		https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c
RHSA-2026:10065		https://access.redhat.com/errata/RHSA-2026:10065
RHSA-2026:10097		https://access.redhat.com/errata/RHSA-2026:10097
RHSA-2026:11768		https://access.redhat.com/errata/RHSA-2026:11768
RHSA-2026:12274		https://access.redhat.com/errata/RHSA-2026:12274
RHSA-2026:14773		https://access.redhat.com/errata/RHSA-2026:14773
RHSA-2026:15087		https://access.redhat.com/errata/RHSA-2026:15087
RHSA-2026:16008		https://access.redhat.com/errata/RHSA-2026:16008
RHSA-2026:16009		https://access.redhat.com/errata/RHSA-2026:16009
RHSA-2026:16174		https://access.redhat.com/errata/RHSA-2026:16174
RHSA-2026:17596		https://access.redhat.com/errata/RHSA-2026:17596
RHSA-2026:25096		https://access.redhat.com/errata/RHSA-2026:25096
RHSA-2026:6502		https://access.redhat.com/errata/RHSA-2026:6502
RHSA-2026:6539		https://access.redhat.com/errata/RHSA-2026:6539
RHSA-2026:6540		https://access.redhat.com/errata/RHSA-2026:6540
RHSA-2026:6617		https://access.redhat.com/errata/RHSA-2026:6617
RHSA-2026:6619		https://access.redhat.com/errata/RHSA-2026:6619
RHSA-2026:6620		https://access.redhat.com/errata/RHSA-2026:6620
RHSA-2026:6725		https://access.redhat.com/errata/RHSA-2026:6725
RHSA-2026:6729		https://access.redhat.com/errata/RHSA-2026:6729
RHSA-2026:6730		https://access.redhat.com/errata/RHSA-2026:6730
RHSA-2026:6731		https://access.redhat.com/errata/RHSA-2026:6731
RHSA-2026:6736		https://access.redhat.com/errata/RHSA-2026:6736
RHSA-2026:6915		https://access.redhat.com/errata/RHSA-2026:6915
RHSA-2026:7239		https://access.redhat.com/errata/RHSA-2026:7239
RHSA-2026:7243		https://access.redhat.com/errata/RHSA-2026:7243
RHSA-2026:7335		https://access.redhat.com/errata/RHSA-2026:7335
RHSA-2026:7711		https://access.redhat.com/errata/RHSA-2026:7711
RHSA-2026:8259		https://access.redhat.com/errata/RHSA-2026:8259
RHSA-2026:8423		https://access.redhat.com/errata/RHSA-2026:8423
RHSA-2026:9832		https://access.redhat.com/errata/RHSA-2026:9832
USN-8171-1		https://usn.ubuntu.com/8171-1/
v9.2.0202		https://github.com/vim/vim/releases/tag/v9.2.0202

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33412.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N Found at https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:28:11Z/ Found at https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N Found at https://github.com/vim/vim/releases/tag/v9.2.0202

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:28:11Z/ Found at https://github.com/vim/vim/releases/tag/v9.2.0202

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N Found at https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:28:11Z/ Found at https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c

Exploit Prediction Scoring System (EPSS)

Percentile	0.01354
EPSS Score	0.00011
Published At	June 12, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-10T18:14:19.418565+00:00	SUSE Severity Score Importer	Import	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml	38.6.0