Vulnerability-Lookup

RHSA-2026:8423

Vulnerability from csaf_redhat - Published: 2026-04-22 08:28 - Updated: 2026-04-23 06:09

Summary

Red Hat Security Advisory: OpenShift Container Platform 4.18.38 bug fix and security update

Severity

Important

Notes

Topic: Red Hat OpenShift Container Platform release 4.18.38 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.18.38. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHBA-2026:8422 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/ Security Fix(es): * libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive (CVE-2026-4111) * vim: Vim: Arbitrary code execution via command injection in glob() function (CVE-2026-33412) * vim: Vim: Arbitrary code execution via 'helpfile' option processing (CVE-2026-25749) * vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin (CVE-2026-28417) * vim: Vim: Denial of service and information disclosure via crafted swap file (CVE-2026-28421) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2026-4111

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Vendor Fix For OpenShift Container Platform 4.18 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/ You may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags. The sha values for the release are as follows: (For x86_64 architecture) The image digest is sha256:deacb4132f024a8c364ab8589b7b3f391b887ca4ae92bd4b37df2efa5b1e2145 (For s390x architecture) The image digest is sha256:15c373c763a87889521edd3bcfd1adde0503dedc03e0923b27b4aca67c712f79 (For ppc64le architecture) The image digest is sha256:c0ad2b1cd05475031978f791e9fefa14d25c362c5d533febf59d7e0f6245a0cc (For aarch64 architecture) The image digest is sha256:14581b093df0b4f6f01009454f7e999f7415066ea3ce21ade572d42dd0bd2955 All OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli. https://access.redhat.com/errata/RHSA-2026:8423

Workaround Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

CVE-2026-25749

A flaw was found in Vim, an open source, command line text editor. This heap buffer overflow vulnerability exists in the tag file resolution logic when processing the 'helpfile' option. A local user could exploit this by providing a specially crafted 'helpfile' option value, leading to a heap buffer overflow. This could result in arbitrary code execution or a denial of service.

7.3 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Workaround Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

CVE-2026-28417

A flaw was found in Vim, an open-source command-line text editor. Specifically, an operating system (OS) command injection vulnerability exists in the `netrw` standard plugin. A remote attacker could exploit this by tricking a user into opening a specially crafted URL, such as one using the `scp://` protocol handler. Successful exploitation allows the attacker to execute arbitrary shell commands with the same privileges as the Vim process, leading to potential system compromise.

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2026-28421

A flaw was found in Vim. This vulnerability, a heap-buffer-overflow and a segmentation fault, exists in the swap file recovery logic. A local attacker could exploit this by providing a specially crafted swap file. This could lead to a denial of service (DoS) or potentially information disclosure.

5.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2026-33412

A flaw was found in Vim. By including a newline character in a pattern passed to Vim's glob() function, an attacker may be able to execute arbitrary shell commands. This command injection vulnerability allows for arbitrary code execution, depending on the user's shell settings.

7.3 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

References

URL

Category

	https://access.redhat.com/errata/RHSA-2026:8423	self
	https://access.redhat.com/security/updates/classi…	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2437843	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2443455	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2443474	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2446453	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2450907	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2026-4111	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2446453	external
	https://www.cve.org/CVERecord?id=CVE-2026-4111	external
	https://nvd.nist.gov/vuln/detail/CVE-2026-4111	external
	https://github.com/libarchive/libarchive/pull/2877	external
	https://access.redhat.com/security/cve/CVE-2026-25749	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2437843	external
	https://www.cve.org/CVERecord?id=CVE-2026-25749	external
	https://nvd.nist.gov/vuln/detail/CVE-2026-25749	external
	https://github.com/vim/vim/commit/0714b15940b2451…	external
	https://github.com/vim/vim/releases/tag/v9.1.2132	external
	https://github.com/vim/vim/security/advisories/GH…	external
	https://access.redhat.com/security/cve/CVE-2026-28417	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2443455	external
	https://www.cve.org/CVERecord?id=CVE-2026-28417	external
	https://nvd.nist.gov/vuln/detail/CVE-2026-28417	external
	https://github.com/vim/vim/commit/79348dbbc093321…	external
	https://github.com/vim/vim/releases/tag/v9.2.0073	external
	https://github.com/vim/vim/security/advisories/GH…	external
	https://access.redhat.com/security/cve/CVE-2026-28421	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2443474	external
	https://www.cve.org/CVERecord?id=CVE-2026-28421	external
	https://nvd.nist.gov/vuln/detail/CVE-2026-28421	external
	https://github.com/vim/vim/commit/65c1a143c331c886dc28	external
	https://github.com/vim/vim/releases/tag/v9.2.0077	external
	https://github.com/vim/vim/security/advisories/GH…	external
	https://access.redhat.com/security/cve/CVE-2026-33412	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2450907	external
	https://www.cve.org/CVERecord?id=CVE-2026-33412	external
	https://nvd.nist.gov/vuln/detail/CVE-2026-33412	external
	https://github.com/vim/vim/commit/645ed6597d1ea89…	external
	https://github.com/vim/vim/releases/tag/v9.2.0202	external
	https://github.com/vim/vim/security/advisories/GH…	external

Acknowledgments

Elhanan Haenel

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat OpenShift Container Platform release 4.18.38 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\n This release includes a security update for Red Hat OpenShift Container\nPlatform 4.18.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.18.38. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHBA-2026:8422\n\nSpace precludes documenting all of the container images in this advisory.\nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nSecurity Fix(es):\n\n* libarchive: Infinite Loop Denial of Service in RAR5 Decompression via\narchive_read_data() in libarchive (CVE-2026-4111)\n* vim: Vim: Arbitrary code execution via command injection in glob()\nfunction (CVE-2026-33412)\n* vim: Vim: Arbitrary code execution via \u0027helpfile\u0027 option processing\n(CVE-2026-25749)\n* vim: Vim: Arbitrary code execution via OS command injection in the netrw\nplugin (CVE-2026-28417)\n* vim: Vim: Denial of service and information disclosure via crafted swap\nfile (CVE-2026-28421)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:8423",
        "url": "https://access.redhat.com/errata/RHSA-2026:8423"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2437843",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437843"
      },
      {
        "category": "external",
        "summary": "2443455",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443455"
      },
      {
        "category": "external",
        "summary": "2443474",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443474"
      },
      {
        "category": "external",
        "summary": "2446453",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446453"
      },
      {
        "category": "external",
        "summary": "2450907",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450907"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_8423.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Container Platform 4.18.38 bug fix and security update",
    "tracking": {
      "current_release_date": "2026-04-23T06:09:11+00:00",
      "generator": {
        "date": "2026-04-23T06:09:11+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.5"
        }
      },
      "id": "RHSA-2026:8423",
      "initial_release_date": "2026-04-22T08:28:27+00:00",
      "revision_history": [
        {
          "date": "2026-04-22T08:28:27+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-04-22T08:28:27+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-23T06:09:11+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 4.18",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.18",
                  "product_id": "9Base-RHOSE-4.18",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:4.18::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhcos-aarch64-418.94.202604140044-0",
                "product": {
                  "name": "rhcos-aarch64-418.94.202604140044-0",
                  "product_id": "rhcos-aarch64-418.94.202604140044-0",
                  "product_identification_helper": {
                    "purl": "pkg:generic/redhat/rhcos@418.94.202604140044?arch=aarch64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhcos-ppc64le-418.94.202604140044-0",
                "product": {
                  "name": "rhcos-ppc64le-418.94.202604140044-0",
                  "product_id": "rhcos-ppc64le-418.94.202604140044-0",
                  "product_identification_helper": {
                    "purl": "pkg:generic/redhat/rhcos@418.94.202604140044?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhcos-s390x-418.94.202604140044-0",
                "product": {
                  "name": "rhcos-s390x-418.94.202604140044-0",
                  "product_id": "rhcos-s390x-418.94.202604140044-0",
                  "product_identification_helper": {
                    "purl": "pkg:generic/redhat/rhcos@418.94.202604140044?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhcos-x86_64-418.94.202604140044-0",
                "product": {
                  "name": "rhcos-x86_64-418.94.202604140044-0",
                  "product_id": "rhcos-x86_64-418.94.202604140044-0",
                  "product_identification_helper": {
                    "purl": "pkg:generic/redhat/rhcos@418.94.202604140044?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhcos-aarch64-418.94.202604140044-0 as a component of Red Hat OpenShift Container Platform 4.18",
          "product_id": "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202604140044-0"
        },
        "product_reference": "rhcos-aarch64-418.94.202604140044-0",
        "relates_to_product_reference": "9Base-RHOSE-4.18"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhcos-ppc64le-418.94.202604140044-0 as a component of Red Hat OpenShift Container Platform 4.18",
          "product_id": "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202604140044-0"
        },
        "product_reference": "rhcos-ppc64le-418.94.202604140044-0",
        "relates_to_product_reference": "9Base-RHOSE-4.18"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhcos-s390x-418.94.202604140044-0 as a component of Red Hat OpenShift Container Platform 4.18",
          "product_id": "9Base-RHOSE-4.18:rhcos-s390x-418.94.202604140044-0"
        },
        "product_reference": "rhcos-s390x-418.94.202604140044-0",
        "relates_to_product_reference": "9Base-RHOSE-4.18"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhcos-x86_64-418.94.202604140044-0 as a component of Red Hat OpenShift Container Platform 4.18",
          "product_id": "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202604140044-0"
        },
        "product_reference": "rhcos-x86_64-418.94.202604140044-0",
        "relates_to_product_reference": "9Base-RHOSE-4.18"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Elhanan Haenel"
          ]
        }
      ],
      "cve": "CVE-2026-4111",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "discovery_date": "2026-03-11T11:18:51.609000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2446453"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The Red Hat Product Security team would likely assess the severity of this vulnerability as High because it allows remote attackers to cause a persistent denial-of-service condition using a small crafted archive file. Successful exploitation requires no authentication, no special configuration, and no user interaction in environments that automatically process uploaded archives. By repeatedly submitting malicious archives, an attacker can exhaust CPU resources or worker threads in services such as file upload systems, CI/CD pipelines, mail scanners, and content indexing services that rely on libarchive for archive extraction.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202604140044-0",
          "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202604140044-0",
          "9Base-RHOSE-4.18:rhcos-s390x-418.94.202604140044-0",
          "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202604140044-0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-4111"
        },
        {
          "category": "external",
          "summary": "RHBZ#2446453",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446453"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-4111",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4111"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4111",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4111"
        },
        {
          "category": "external",
          "summary": "https://github.com/libarchive/libarchive/pull/2877",
          "url": "https://github.com/libarchive/libarchive/pull/2877"
        }
      ],
      "release_date": "2026-03-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-22T08:28:27+00:00",
          "details": "For OpenShift Container Platform 4.18 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n      (For x86_64 architecture)\n      The image digest is sha256:deacb4132f024a8c364ab8589b7b3f391b887ca4ae92bd4b37df2efa5b1e2145\n\n      (For s390x architecture)\n      The image digest is sha256:15c373c763a87889521edd3bcfd1adde0503dedc03e0923b27b4aca67c712f79\n\n      (For ppc64le architecture)\n      The image digest is sha256:c0ad2b1cd05475031978f791e9fefa14d25c362c5d533febf59d7e0f6245a0cc\n\n      (For aarch64 architecture)\n      The image digest is sha256:14581b093df0b4f6f01009454f7e999f7415066ea3ce21ade572d42dd0bd2955\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
          "product_ids": [
            "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-s390x-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202604140044-0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:8423"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-s390x-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202604140044-0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-s390x-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202604140044-0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive"
    },
    {
      "cve": "CVE-2026-25749",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2026-02-09T11:08:59.061581+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2437843"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Vim, an open source, command line text editor. This heap buffer overflow vulnerability exists in the tag file resolution logic when processing the \u0027helpfile\u0027 option. A local user could exploit this by providing a specially crafted \u0027helpfile\u0027 option value, leading to a heap buffer overflow. This could result in arbitrary code execution or a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vim: Vim: Arbitrary code execution via \u0027helpfile\u0027 option processing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This MODERATE impact vulnerability in Vim\u0027s tag file resolution logic allows a local attacker to achieve a out-of-bounds write. By providing a specially crafted `helpfile` option value a local user can trigger a heap buffer overflow, as consequence lead to memory corruption presenting a data integrity impact or leading the vim process to crash resulting in availability impact. Although being non-trivial and very complex, arbitrary code execution is not discarded as worst case scenario.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202604140044-0",
          "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202604140044-0",
          "9Base-RHOSE-4.18:rhcos-s390x-418.94.202604140044-0",
          "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202604140044-0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-25749"
        },
        {
          "category": "external",
          "summary": "RHBZ#2437843",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437843"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-25749",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25749"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25749",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25749"
        },
        {
          "category": "external",
          "summary": "https://github.com/vim/vim/commit/0714b15940b245108e6e9d7aa2260dd849a26fa9",
          "url": "https://github.com/vim/vim/commit/0714b15940b245108e6e9d7aa2260dd849a26fa9"
        },
        {
          "category": "external",
          "summary": "https://github.com/vim/vim/releases/tag/v9.1.2132",
          "url": "https://github.com/vim/vim/releases/tag/v9.1.2132"
        },
        {
          "category": "external",
          "summary": "https://github.com/vim/vim/security/advisories/GHSA-5w93-4g67-mm43",
          "url": "https://github.com/vim/vim/security/advisories/GHSA-5w93-4g67-mm43"
        }
      ],
      "release_date": "2026-02-06T22:43:38.630000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-22T08:28:27+00:00",
          "details": "For OpenShift Container Platform 4.18 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n      (For x86_64 architecture)\n      The image digest is sha256:deacb4132f024a8c364ab8589b7b3f391b887ca4ae92bd4b37df2efa5b1e2145\n\n      (For s390x architecture)\n      The image digest is sha256:15c373c763a87889521edd3bcfd1adde0503dedc03e0923b27b4aca67c712f79\n\n      (For ppc64le architecture)\n      The image digest is sha256:c0ad2b1cd05475031978f791e9fefa14d25c362c5d533febf59d7e0f6245a0cc\n\n      (For aarch64 architecture)\n      The image digest is sha256:14581b093df0b4f6f01009454f7e999f7415066ea3ce21ade572d42dd0bd2955\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
          "product_ids": [
            "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-s390x-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202604140044-0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:8423"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-s390x-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202604140044-0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-s390x-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202604140044-0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "vim: Vim: Arbitrary code execution via \u0027helpfile\u0027 option processing"
    },
    {
      "cve": "CVE-2026-28417",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "discovery_date": "2026-02-27T22:01:53.728412+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2443455"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Vim, an open-source command-line text editor. Specifically, an operating system (OS) command injection vulnerability exists in the `netrw` standard plugin. A remote attacker could exploit this by tricking a user into opening a specially crafted URL, such as one using the `scp://` protocol handler. Successful exploitation allows the attacker to execute arbitrary shell commands with the same privileges as the Vim process, leading to potential system compromise.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The risk posed by this vulnerability is limited on Red Hat products due to user and system isolation features which are enabled by default. The impacts of this flaw will be limited by the active user\u0027s permissions and access control limits. Host systems are not at risk when following Red Hat guidelines and the root user account is not actively executing Vim.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202604140044-0",
          "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202604140044-0",
          "9Base-RHOSE-4.18:rhcos-s390x-418.94.202604140044-0",
          "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202604140044-0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-28417"
        },
        {
          "category": "external",
          "summary": "RHBZ#2443455",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443455"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-28417",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28417"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28417",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28417"
        },
        {
          "category": "external",
          "summary": "https://github.com/vim/vim/commit/79348dbbc09332130f4c860",
          "url": "https://github.com/vim/vim/commit/79348dbbc09332130f4c860"
        },
        {
          "category": "external",
          "summary": "https://github.com/vim/vim/releases/tag/v9.2.0073",
          "url": "https://github.com/vim/vim/releases/tag/v9.2.0073"
        },
        {
          "category": "external",
          "summary": "https://github.com/vim/vim/security/advisories/GHSA-m3xh-9434-g336",
          "url": "https://github.com/vim/vim/security/advisories/GHSA-m3xh-9434-g336"
        }
      ],
      "release_date": "2026-02-27T21:54:35.196000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-22T08:28:27+00:00",
          "details": "For OpenShift Container Platform 4.18 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n      (For x86_64 architecture)\n      The image digest is sha256:deacb4132f024a8c364ab8589b7b3f391b887ca4ae92bd4b37df2efa5b1e2145\n\n      (For s390x architecture)\n      The image digest is sha256:15c373c763a87889521edd3bcfd1adde0503dedc03e0923b27b4aca67c712f79\n\n      (For ppc64le architecture)\n      The image digest is sha256:c0ad2b1cd05475031978f791e9fefa14d25c362c5d533febf59d7e0f6245a0cc\n\n      (For aarch64 architecture)\n      The image digest is sha256:14581b093df0b4f6f01009454f7e999f7415066ea3ce21ade572d42dd0bd2955\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
          "product_ids": [
            "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-s390x-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202604140044-0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:8423"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-s390x-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202604140044-0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-s390x-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202604140044-0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin"
    },
    {
      "cve": "CVE-2026-28421",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2026-02-27T23:01:44.673504+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2443474"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Vim. This vulnerability, a heap-buffer-overflow and a segmentation fault, exists in the swap file recovery logic. A local attacker could exploit this by providing a specially crafted swap file. This could lead to a denial of service (DoS) or potentially information disclosure.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vim: Vim: Denial of service and information disclosure via crafted swap file",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The risk posed by this vulnerability is limited on Red Hat products due to user and system isolation features which are enabled by default. The impacts of this flaw will be limited by the active user\u0027s permissions and access control limits. Host systems are not at risk when following Red Hat guidelines and the root user account is not actively executing Vim.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202604140044-0",
          "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202604140044-0",
          "9Base-RHOSE-4.18:rhcos-s390x-418.94.202604140044-0",
          "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202604140044-0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-28421"
        },
        {
          "category": "external",
          "summary": "RHBZ#2443474",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443474"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-28421",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28421"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28421",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28421"
        },
        {
          "category": "external",
          "summary": "https://github.com/vim/vim/commit/65c1a143c331c886dc28",
          "url": "https://github.com/vim/vim/commit/65c1a143c331c886dc28"
        },
        {
          "category": "external",
          "summary": "https://github.com/vim/vim/releases/tag/v9.2.0077",
          "url": "https://github.com/vim/vim/releases/tag/v9.2.0077"
        },
        {
          "category": "external",
          "summary": "https://github.com/vim/vim/security/advisories/GHSA-r2gw-2x48-jj5p",
          "url": "https://github.com/vim/vim/security/advisories/GHSA-r2gw-2x48-jj5p"
        }
      ],
      "release_date": "2026-02-27T22:06:34.312000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-22T08:28:27+00:00",
          "details": "For OpenShift Container Platform 4.18 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n      (For x86_64 architecture)\n      The image digest is sha256:deacb4132f024a8c364ab8589b7b3f391b887ca4ae92bd4b37df2efa5b1e2145\n\n      (For s390x architecture)\n      The image digest is sha256:15c373c763a87889521edd3bcfd1adde0503dedc03e0923b27b4aca67c712f79\n\n      (For ppc64le architecture)\n      The image digest is sha256:c0ad2b1cd05475031978f791e9fefa14d25c362c5d533febf59d7e0f6245a0cc\n\n      (For aarch64 architecture)\n      The image digest is sha256:14581b093df0b4f6f01009454f7e999f7415066ea3ce21ade572d42dd0bd2955\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
          "product_ids": [
            "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-s390x-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202604140044-0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:8423"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-s390x-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202604140044-0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-s390x-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202604140044-0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "vim: Vim: Denial of service and information disclosure via crafted swap file"
    },
    {
      "cve": "CVE-2026-33412",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "discovery_date": "2026-03-24T20:02:21.511965+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2450907"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Vim. By including a newline character in a pattern passed to Vim\u0027s glob() function, an attacker may be able to execute arbitrary shell commands. This command injection vulnerability allows for arbitrary code execution, depending on the user\u0027s shell settings.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vim: Vim: Arbitrary code execution via command injection in glob() function",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202604140044-0",
          "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202604140044-0",
          "9Base-RHOSE-4.18:rhcos-s390x-418.94.202604140044-0",
          "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202604140044-0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-33412"
        },
        {
          "category": "external",
          "summary": "RHBZ#2450907",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450907"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-33412",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33412"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33412",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33412"
        },
        {
          "category": "external",
          "summary": "https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a",
          "url": "https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a"
        },
        {
          "category": "external",
          "summary": "https://github.com/vim/vim/releases/tag/v9.2.0202",
          "url": "https://github.com/vim/vim/releases/tag/v9.2.0202"
        },
        {
          "category": "external",
          "summary": "https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c",
          "url": "https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c"
        }
      ],
      "release_date": "2026-03-24T19:43:07.219000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-22T08:28:27+00:00",
          "details": "For OpenShift Container Platform 4.18 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n      (For x86_64 architecture)\n      The image digest is sha256:deacb4132f024a8c364ab8589b7b3f391b887ca4ae92bd4b37df2efa5b1e2145\n\n      (For s390x architecture)\n      The image digest is sha256:15c373c763a87889521edd3bcfd1adde0503dedc03e0923b27b4aca67c712f79\n\n      (For ppc64le architecture)\n      The image digest is sha256:c0ad2b1cd05475031978f791e9fefa14d25c362c5d533febf59d7e0f6245a0cc\n\n      (For aarch64 architecture)\n      The image digest is sha256:14581b093df0b4f6f01009454f7e999f7415066ea3ce21ade572d42dd0bd2955\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
          "product_ids": [
            "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-s390x-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202604140044-0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:8423"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-s390x-418.94.202604140044-0",
            "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202604140044-0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "vim: Vim: Arbitrary code execution via command injection in glob() function"
    }
  ]
}

CVE-2026-25749 (GCVE-0-2026-25749)

Vulnerability from cvelistv5 – Published: 2026-02-06 22:43 – Updated: 2026-02-09 15:26

Title

Heap Overflow in Vim

Summary

Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the get_tagfname() function in src/tag.c. When processing help file tags, Vim copies the user-controlled 'helpfile' option value into a fixed-size heap buffer of MAXPATHL + 1 bytes (typically 4097 bytes) using an unsafe STRCPY() operation without any bounds checking. This issue has been patched in version 9.1.2132.

Severity ?

6.6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

GitHub_M

References

URL

Tags

	https://github.com/vim/vim/security/advisories/GH…	x_refsource_CONFIRM
	https://github.com/vim/vim/commit/0714b15940b2451…	x_refsource_MISC
	https://github.com/vim/vim/releases/tag/v9.1.2132	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	vim	vim	Affected: < 9.1.2132

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25749",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-09T15:19:14.443777Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-09T15:26:17.789Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vim",
          "vendor": "vim",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 9.1.2132"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim\u0027s tag file resolution logic when processing the \u0027helpfile\u0027 option. The vulnerability is located in the get_tagfname() function in src/tag.c. When processing help file tags, Vim copies the user-controlled \u0027helpfile\u0027 option value into a fixed-size heap buffer of MAXPATHL + 1 bytes (typically 4097 bytes) using an unsafe STRCPY() operation without any bounds checking. This issue has been patched in version 9.1.2132."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-06T22:43:38.630Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/vim/vim/security/advisories/GHSA-5w93-4g67-mm43",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vim/vim/security/advisories/GHSA-5w93-4g67-mm43"
        },
        {
          "name": "https://github.com/vim/vim/commit/0714b15940b245108e6e9d7aa2260dd849a26fa9",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vim/vim/commit/0714b15940b245108e6e9d7aa2260dd849a26fa9"
        },
        {
          "name": "https://github.com/vim/vim/releases/tag/v9.1.2132",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vim/vim/releases/tag/v9.1.2132"
        }
      ],
      "source": {
        "advisory": "GHSA-5w93-4g67-mm43",
        "discovery": "UNKNOWN"
      },
      "title": "Heap Overflow in Vim"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-25749",
    "datePublished": "2026-02-06T22:43:38.630Z",
    "dateReserved": "2026-02-05T18:35:52.356Z",
    "dateUpdated": "2026-02-09T15:26:17.789Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-28417 (GCVE-0-2026-28417)

Vulnerability from cvelistv5 – Published: 2026-02-27 21:54 – Updated: 2026-03-02 21:51

Title

Vim has OS Command Injection in netrw

Summary

Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol handler), an attacker can execute arbitrary shell commands with the privileges of the Vim process. Version 9.2.0073 fixes the issue.

Severity ?

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CWE

CWE-86 - Improper Neutralization of Invalid Characters in Identifiers in Web Pages

Assigner

GitHub_M

References

URL

Tags

	https://github.com/vim/vim/security/advisories/GH…	x_refsource_CONFIRM
	https://github.com/vim/vim/commit/79348dbbc093321…	x_refsource_MISC
	https://github.com/vim/vim/releases/tag/v9.2.0073	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	vim	vim	Affected: < 9.2.0073

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-02-28T00:15:30.536Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/02/27/6"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-28417",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-02T21:51:08.852199Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-02T21:51:24.894Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vim",
          "vendor": "vim",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 9.2.0073"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol handler), an attacker can execute arbitrary shell commands with the privileges of the Vim process. Version 9.2.0073 fixes the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-86",
              "description": "CWE-86: Improper Neutralization of Invalid Characters in Identifiers in Web Pages",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-27T21:54:35.196Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/vim/vim/security/advisories/GHSA-m3xh-9434-g336",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vim/vim/security/advisories/GHSA-m3xh-9434-g336"
        },
        {
          "name": "https://github.com/vim/vim/commit/79348dbbc09332130f4c860",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vim/vim/commit/79348dbbc09332130f4c860"
        },
        {
          "name": "https://github.com/vim/vim/releases/tag/v9.2.0073",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vim/vim/releases/tag/v9.2.0073"
        }
      ],
      "source": {
        "advisory": "GHSA-m3xh-9434-g336",
        "discovery": "UNKNOWN"
      },
      "title": "Vim has OS Command Injection in netrw"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-28417",
    "datePublished": "2026-02-27T21:54:35.196Z",
    "dateReserved": "2026-02-27T15:33:57.290Z",
    "dateUpdated": "2026-03-02T21:51:24.894Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4111 (GCVE-0-2026-4111)

Vulnerability from cvelistv5 – Published: 2026-03-13 11:45 – Updated: 2026-04-23 06:07

Title

Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive

Summary

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2026:10065	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:5063	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:5080	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:6647	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:7093	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:7105	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:7106	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:7239	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:7329	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:7335	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:8423	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:8746	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:8747	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:8748	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:8865	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:9832	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2026-4111	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2446453	issue-trackingx_refsource_REDHAT
	https://github.com/libarchive/libarchive/pull/2877

Impacted products

Vendor

Product

Version

Red Hat

Red Hat Enterprise Linux 10

Unaffected: 0:3.7.7-5.el10_1 , < * (rpm)
cpe:/o:redhat:enterprise_linux:10.1

Red Hat	Red Hat Enterprise Linux 10.0 Extended Update Support	Unaffected: 0:3.7.7-5.el10_0 , < * (rpm) cpe:/o:redhat:enterprise_linux_eus:10.0
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:3.5.3-7.el9_7 , < * (rpm) cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:3.5.3-7.el9_7 , < * (rpm) cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	Unaffected: 0:3.5.3-2.el9_0.3 , < * (rpm) cpe:/o:redhat:rhel_e4s:9.0::baseos cpe:/a:redhat:rhel_e4s:9.0::appstream
Red Hat	Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	Unaffected: 0:3.5.3-5.el9_2.1 , < * (rpm) cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/o:redhat:rhel_e4s:9.2::baseos
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:3.5.3-4.el9_4.2 , < * (rpm) cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/a:redhat:rhel_eus:9.4::crb cpe:/o:redhat:rhel_eus:9.4::baseos
Red Hat	Red Hat Enterprise Linux 9.6 Extended Update Support	Unaffected: 0:3.5.3-6.el9_6.1 , < * (rpm) cpe:/o:redhat:rhel_eus:9.6::baseos cpe:/a:redhat:rhel_eus:9.6::appstream
Red Hat	Red Hat OpenShift Container Platform 4.13	Unaffected: 413.92.202604080111-0 , < * (rpm) cpe:/a:redhat:openshift:4.13::el9
Red Hat	Red Hat OpenShift Container Platform 4.18	Unaffected: 418.94.202604140044-0 , < * (rpm) cpe:/a:redhat:openshift:4.18::el9
Red Hat	Red Hat AI Inference Server 3.2	Unaffected: sha256:54616c9f3e4d27120504b0b2020432ef3ff85286a50de7be842f05df0cfcd69e , < * (rpm) cpe:/a:redhat:ai_inference_server:3.2::el9
Red Hat	Red Hat AI Inference Server 3.3	Unaffected: sha256:0ec114881d9dcd28a5dbbb2ec0ea1301ad87d5ae133121ce8167ef29d19802cc , < * (rpm) cpe:/a:redhat:ai_inference_server:3.3::el9
Red Hat	Red Hat AI Inference Server 3.3	Unaffected: sha256:813ba7ccd1696b44deb90d9e6cd8af114bdb47781eae7f27246a81fba062a892 , < * (rpm) cpe:/a:redhat:ai_inference_server:3.3::el9
Red Hat	Red Hat AI Inference Server 3.3	Unaffected: sha256:be6d568f28044533e4ad80f0856407c359e2eaf31a6b89cada433e6575d2300e , < * (rpm) cpe:/a:redhat:ai_inference_server:3.3::el9
Red Hat	Red Hat Discovery 2	Unaffected: sha256:040dadd657afdb9f0914f896a4962fd3dbf40b70c8037e4d72b6801b766c9b7d , < * (rpm) cpe:/a:redhat:discovery:2::el9
Red Hat	Red Hat Discovery 2	Unaffected: sha256:062310de4b34e278f8c7e4634def673a77d1228d493541ef1264ba4cb83b68eb , < * (rpm) cpe:/a:redhat:discovery:2::el9
Red Hat	Red Hat Insights proxy 1.5	Unaffected: sha256:16b5fab54718cedc94d43f2bd55bd14a469cfbfbbbd0fe634ed81783196d2f42 , < * (rpm) cpe:/a:redhat:insights_proxy:1.5::el9
Red Hat	Red Hat Update Infrastructure 5	Unaffected: sha256:8ac1507077086484155f94d2289df0f1d22bfe8f5f15589d6b354f11fe21d930 , < * (rpm) cpe:/a:redhat:rhui:5::el9
Red Hat	Red Hat Update Infrastructure 5	Unaffected: sha256:8e13332d210961a93746eb0bd3761fa220dc710aada98b121320184aef2e5709 , < * (rpm) cpe:/a:redhat:rhui:5::el9
Red Hat	Red Hat Update Infrastructure 5	Unaffected: sha256:8fbf461b33717d3463e4f802b1a257b7e43d60c3e9568f710df83db36a04a4fe , < * (rpm) cpe:/a:redhat:rhui:5::el9
Red Hat	Red Hat Update Infrastructure 5	Unaffected: sha256:7eae5b16539484129c6ce169b41a3e1da7d7dd1296d2677acf7e9c3d1bce00ed , < * (rpm) cpe:/a:redhat:rhui:5::el9
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Hardened Images	cpe:/a:redhat:hummingbird:1

Date Public ?

2026-03-11 00:00

Credits

Red Hat would like to thank Elhanan Haenel for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4111",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-13T13:36:13.170394Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-13T13:36:18.676Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.1"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.7.7-5.el10_1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux_eus:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.7.7-5.el10_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.3-7.el9_7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.3-7.el9_7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:9.0::baseos",
            "cpe:/a:redhat:rhel_e4s:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.3-2.el9_0.3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.2::appstream",
            "cpe:/o:redhat:rhel_e4s:9.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.3-5.el9_2.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream",
            "cpe:/a:redhat:rhel_eus:9.4::crb",
            "cpe:/o:redhat:rhel_eus:9.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.3-4.el9_4.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:9.6::baseos",
            "cpe:/a:redhat:rhel_eus:9.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.3-6.el9_6.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.13::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.13",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "413.92.202604080111-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.18::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.18",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "418.94.202604140044-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaiis/vllm-cuda-rhel9",
          "product": "Red Hat AI Inference Server 3.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:54616c9f3e4d27120504b0b2020432ef3ff85286a50de7be842f05df0cfcd69e",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3.3::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaiis/vllm-cuda-rhel9",
          "product": "Red Hat AI Inference Server 3.3",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:0ec114881d9dcd28a5dbbb2ec0ea1301ad87d5ae133121ce8167ef29d19802cc",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3.3::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaiis/vllm-rocm-rhel9",
          "product": "Red Hat AI Inference Server 3.3",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:813ba7ccd1696b44deb90d9e6cd8af114bdb47781eae7f27246a81fba062a892",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3.3::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaiis/model-opt-cuda-rhel9",
          "product": "Red Hat AI Inference Server 3.3",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:be6d568f28044533e4ad80f0856407c359e2eaf31a6b89cada433e6575d2300e",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:discovery:2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "discovery/discovery-server-rhel9",
          "product": "Red Hat Discovery 2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:040dadd657afdb9f0914f896a4962fd3dbf40b70c8037e4d72b6801b766c9b7d",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:discovery:2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "discovery/discovery-ui-rhel9",
          "product": "Red Hat Discovery 2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:062310de4b34e278f8c7e4634def673a77d1228d493541ef1264ba4cb83b68eb",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:insights_proxy:1.5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "insights-proxy/insights-proxy-container-rhel9",
          "product": "Red Hat Insights proxy 1.5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:16b5fab54718cedc94d43f2bd55bd14a469cfbfbbbd0fe634ed81783196d2f42",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhui:5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhui5/cds-rhel9",
          "product": "Red Hat Update Infrastructure 5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:8ac1507077086484155f94d2289df0f1d22bfe8f5f15589d6b354f11fe21d930",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhui:5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhui5/haproxy-rhel9",
          "product": "Red Hat Update Infrastructure 5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:8e13332d210961a93746eb0bd3761fa220dc710aada98b121320184aef2e5709",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhui:5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhui5/installer-rhel9",
          "product": "Red Hat Update Infrastructure 5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:8fbf461b33717d3463e4f802b1a257b7e43d60c3e9568f710df83db36a04a4fe",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhui:5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhui5/rhua-rhel9",
          "product": "Red Hat Update Infrastructure 5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:7eae5b16539484129c6ce169b41a3e1da7d7dd1296d2677acf7e9c3d1bce00ed",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:hummingbird:1"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Hardened Images",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Elhanan Haenel for reporting this issue."
        }
      ],
      "datePublic": "2026-03-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-835",
              "description": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-23T06:07:50.360Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:10065",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:10065"
        },
        {
          "name": "RHSA-2026:5063",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:5063"
        },
        {
          "name": "RHSA-2026:5080",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:5080"
        },
        {
          "name": "RHSA-2026:6647",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:6647"
        },
        {
          "name": "RHSA-2026:7093",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:7093"
        },
        {
          "name": "RHSA-2026:7105",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:7105"
        },
        {
          "name": "RHSA-2026:7106",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:7106"
        },
        {
          "name": "RHSA-2026:7239",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:7239"
        },
        {
          "name": "RHSA-2026:7329",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:7329"
        },
        {
          "name": "RHSA-2026:7335",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:7335"
        },
        {
          "name": "RHSA-2026:8423",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:8423"
        },
        {
          "name": "RHSA-2026:8746",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:8746"
        },
        {
          "name": "RHSA-2026:8747",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:8747"
        },
        {
          "name": "RHSA-2026:8748",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:8748"
        },
        {
          "name": "RHSA-2026:8865",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:8865"
        },
        {
          "name": "RHSA-2026:9832",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:9832"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-4111"
        },
        {
          "name": "RHBZ#2446453",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446453"
        },
        {
          "url": "https://github.com/libarchive/libarchive/pull/2877"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-11T11:18:51.609Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-03-11T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-4111",
    "datePublished": "2026-03-13T11:45:20.653Z",
    "dateReserved": "2026-03-13T11:33:42.645Z",
    "dateUpdated": "2026-04-23T06:07:50.360Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33412 (GCVE-0-2026-33412)

Vulnerability from cvelistv5 – Published: 2026-03-24 19:43 – Updated: 2026-03-26 03:55

Title

Vim affected by Command injection via newline in glob()

Summary

Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202.

Severity ?

5.6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/vim/vim/security/advisories/GH…	x_refsource_CONFIRM
	https://github.com/vim/vim/commit/645ed6597d1ea89…	x_refsource_MISC
	https://github.com/vim/vim/releases/tag/v9.2.0202	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	vim	vim	Affected: < 9.2.0202

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-03-24T20:16:21.339Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/03/19/10"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33412",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-26T03:55:39.372Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vim",
          "vendor": "vim",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 9.2.0202"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim\u0027s glob() function on Unix-like systems. By including a newline character (\\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user\u0027s \u0027shell\u0027 setting. This issue has been patched in version 9.2.0202."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T19:43:07.219Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c"
        },
        {
          "name": "https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a"
        },
        {
          "name": "https://github.com/vim/vim/releases/tag/v9.2.0202",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vim/vim/releases/tag/v9.2.0202"
        }
      ],
      "source": {
        "advisory": "GHSA-w5jw-f54h-x46c",
        "discovery": "UNKNOWN"
      },
      "title": "Vim affected by Command injection via newline in glob()"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33412",
    "datePublished": "2026-03-24T19:43:07.219Z",
    "dateReserved": "2026-03-19T17:02:34.171Z",
    "dateUpdated": "2026-03-26T03:55:39.372Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-28421 (GCVE-0-2026-28421)

Vulnerability from cvelistv5 – Published: 2026-02-27 22:06 – Updated: 2026-03-02 21:53

Title

Vim has a heap-buffer-overflow and a segmentation fault

Summary

Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (SEGV) exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.0077 fixes the issue.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE

CWE-20 - Improper Input Validation
CWE-122 - Heap-based Buffer Overflow

Assigner

GitHub_M

References

URL

Tags

	https://github.com/vim/vim/security/advisories/GH…	x_refsource_CONFIRM
	https://github.com/vim/vim/commit/65c1a143c331c886dc28	x_refsource_MISC
	https://github.com/vim/vim/releases/tag/v9.2.0077	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	vim	vim	Affected: < 9.2.0077

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-02-28T00:15:36.679Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/02/27/10"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-28421",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-02T21:53:15.857016Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-02T21:53:26.613Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vim",
          "vendor": "vim",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 9.2.0077"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (SEGV) exist in Vim\u0027s swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.0077 fixes the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-27T22:06:34.312Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/vim/vim/security/advisories/GHSA-r2gw-2x48-jj5p",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vim/vim/security/advisories/GHSA-r2gw-2x48-jj5p"
        },
        {
          "name": "https://github.com/vim/vim/commit/65c1a143c331c886dc28",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vim/vim/commit/65c1a143c331c886dc28"
        },
        {
          "name": "https://github.com/vim/vim/releases/tag/v9.2.0077",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vim/vim/releases/tag/v9.2.0077"
        }
      ],
      "source": {
        "advisory": "GHSA-r2gw-2x48-jj5p",
        "discovery": "UNKNOWN"
      },
      "title": "Vim has a heap-buffer-overflow and a segmentation fault"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-28421",
    "datePublished": "2026-02-27T22:06:34.312Z",
    "dateReserved": "2026-02-27T15:54:05.136Z",
    "dateUpdated": "2026-03-02T21:53:26.613Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2026:8423

CVE-2026-25749 (GCVE-0-2026-25749)

CVE-2026-28417 (GCVE-0-2026-28417)

CVE-2026-4111 (GCVE-0-2026-4111)

CVE-2026-33412 (GCVE-0-2026-33412)

CVE-2026-28421 (GCVE-0-2026-28421)

Tags

Sightings

Nomenclature