CVE-2026-42307 | vim up to 9.2.0382 URL os command injection (GHSA-85ch-p2qr-m5gx)

A vulnerability was found in vim up to 9.2.0382. It has been declared as critical. Affected by this issue is some unknown functionality of the component URL Handler. Such manipulation leads to os command injection.

This vulnerability is documented as CVE-2026-42307. The attack can be executed remotely. There is not any exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More