ALPINE-CVE-2026-41411

See a problem?
Please try reporting it to the source first.

Source

https://security.alpinelinux.org/vuln/CVE-2026-41411

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2026-41411.json

JSON Data

https://api.test.osv.dev/v1/vulns/ALPINE-CVE-2026-41411

Upstream

CVE-2026-41411

Published

2026-04-24T17:16:22.037Z

Modified

2026-04-25T08:30:27.370757Z

Severity

6.6 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L CVSS Calculator

Summary

[none]

Details

Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filename field contains backtick syntax (e.g., command), Vim executes the embedded command via the system shell with the full privileges of the running user.

References

https://security.alpinelinux.org/vuln/CVE-2026-41411

Affected packages

Alpine:v3.23 / vim

Package

Name: vim
Purl: pkg:apk/alpine/vim?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.2.0357-r0

Affected versions

7.*

7.2.284-r0

7.2.394-r0

7.2.394-r1

7.2.411-r0

7.3-r0

7.3.003-r0

7.3.82-r0

7.3.112-r0

7.3.112-r1

7.3.154-r0

7.3.198-r0

7.3.206-r0

7.3.206-r1

7.3.266-r0

7.3.333-r0

7.3.364-r0

7.3.401-r0

7.3.434-r0

7.3.495-r0

7.3.515-r0

7.3.547-r0

7.3.600-r0

7.3.659-r0

7.3.661-r0

7.3.692-r0

7.3.712-r0

7.3.754-r0

7.3.1070-r0

7.3.1136-r0

7.4-r0

7.4-r1

7.4-r2

7.4-r3

7.4.712-r0

7.4.712-r1

7.4.861-r0

7.4.861-r1

7.4.943-r0

7.4.943-r1

7.4.943-r2

7.4.1225-r0

7.4.1225-r1

7.4.1591-r0

7.4.1831-r0

7.4.1831-r1

7.4.2028-r0

8.*

8.0.0003-r0

8.0.0008-r0

8.0.0027-r0

8.0.0056-r0

8.0.0178-r0

8.0.0187-r0

8.0.0329-r0

8.0.0348-r0

8.0.0349-r0

8.0.0460-r0

8.0.0559-r0

8.0.0594-r0

8.0.0595-r0

8.0.0642-r0

8.0.0972-r0

8.0.0974-r0

8.0.1137-r0

8.0.1171-r0

8.0.1240-r0

8.0.1300-r0

8.0.1359-r0

8.0.1367-r0

8.0.1424-r0

8.0.1424-r1

8.0.1521-r0

8.0.1727-r0

8.1.0022-r0

8.1.0026-r0

8.1.0077-r0

8.1.0115-r0

8.1.0630-r0

8.1.0829-r0

8.1.0829-r1

8.1.1075-r0

8.1.1075-r1

8.1.1364-r0

8.1.1365-r0

8.1.2137-r0

8.1.2137-r1

8.1.2300-r0

8.2.0-r0

8.2.0357-r0

8.2.0735-r0

8.2.1017-r0

8.2.1168-r0

8.2.1353-r0

8.2.1419-r0

8.2.1736-r0

8.2.1843-r0

8.2.1843-r1

8.2.1843-r2

8.2.2013-r0

8.2.2084-r0

8.2.2137-r0

8.2.2303-r0

8.2.2320-r0

8.2.2404-r0

8.2.2559-r0

8.2.2677-r0

8.2.2677-r1

8.2.2800-r0

8.2.2822-r0

8.2.2822-r1

8.2.2852-r0

8.2.2956-r0

8.2.2968-r0

8.2.3082-r0

8.2.3156-r0

8.2.3275-r0

8.2.3300-r0

8.2.3437-r0

8.2.3437-r1

8.2.3500-r0

8.2.3567-r0

8.2.3650-r0

8.2.3779-r0

8.2.3779-r1

8.2.4173-r0

8.2.4350-r0

8.2.4542-r0

8.2.4542-r1

8.2.4619-r0

8.2.4708-r0

8.2.4836-r0

8.2.4969-r0

8.2.5000-r0

8.2.5055-r0

8.2.5170-r0

9.*

9.0.0009-r0

9.0.0050-r0

9.0.0124-r0

9.0.0224-r0

9.0.0234-r0

9.0.0270-r0

9.0.0369-r0

9.0.0437-r0

9.0.0598-r0

9.0.0636-r0

9.0.0693-r0

9.0.0728-r0

9.0.0792-r0

9.0.0815-r0

9.0.0820-r0

9.0.0999-r0

9.0.1085-r0

9.0.1093-r0

9.0.1107-r0

9.0.1128-r0

9.0.1167-r0

9.0.1188-r0

9.0.1198-r0

9.0.1215-r0

9.0.1251-r0

9.0.1261-r0

9.0.1291-r0

9.0.1294-r0

9.0.1304-r0

9.0.1313-r0

9.0.1313-r1

9.0.1337-r0

9.0.1337-r1

9.0.1395-r0

9.0.1413-r0

9.0.1440-r0

9.0.1440-r1

9.0.1440-r2

9.0.1482-r0

9.0.1495-r0

9.0.1506-r0

9.0.1520-r0

9.0.1558-r0

9.0.1568-r0

9.0.1607-r0

9.0.1632-r0

9.0.1676-r0

9.0.1888-r0

9.0.1994-r0

9.0.2073-r0

9.0.2112-r0

9.0.2127-r0

9.0.2127-r1

9.1.0-r0

9.1.0-r1

9.1.0-r2

9.1.0414-r0

9.1.0652-r0

9.1.0678-r0

9.1.0707-r0

9.1.0936-r0

9.1.1012-r0

9.1.1105-r0

9.1.1164-r0

9.1.1202-r0

9.1.1202-r1

9.1.1379-r0

9.1.1397-r0

9.1.1406-r0

9.1.1415-r0

9.1.1457-r0

9.1.1471-r0

9.1.1485-r0

9.1.1516-r0

9.1.1533-r0

9.1.1533-r1

9.1.1552-r0

9.1.1557-r0

9.1.1557-r1

9.1.1566-r0

9.1.1582-r0

9.1.1582-r1

9.1.1591-r0

9.1.1593-r0

9.1.1595-r0

9.1.1616-r0

9.1.1623-r0

9.1.1627-r0

9.1.1629-r0

9.1.1634-r0

9.1.1652-r0

9.1.1663-r0

9.1.1678-r0

9.1.1684-r0

9.1.1706-r0

9.1.1723-r0

9.1.1730-r0

9.1.1738-r0

9.1.1740-r0

9.1.1747-r0

9.1.1752-r0

9.1.1760-r0

9.1.1765-r0

9.1.1775-r0

9.1.1785-r0

9.1.1792-r0

9.1.1806-r0

9.1.1818-r0

9.1.1831-r0

9.1.1840-r0

9.1.1846-r0

9.1.1854-r0

9.1.1863-r0

9.1.1868-r0

9.1.1871-r0

9.1.1879-r0

9.1.1882-r0

9.1.1891-r0

9.1.1896-r0

9.1.1900-r0

9.1.1908-r0

9.1.1917-r0

9.1.1924-r0

9.1.1926-r0

9.1.1930-r0

9.1.1942-r0

9.1.2132-r0

9.2.0078-r0

9.2.0140-r0

9.2.0219-r0

9.2.0272-r0

9.2.0280-r0

9.2.0321-r0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2026-41411.json"