Home / mailings [USN-8342-1] Vim vulnerability
Posted on 28 May 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-8342-1
May 28, 2026
vim vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Vim could be made to run arbitrary programs if it opened a specially
crafted file.
Software Description:
- vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim did not properly handle backticks in tag
filenames. An attacker could possibly use this issue to execute
arbitrary commands.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
vim 2:8.1.2269-1ubuntu5.32+esm6
Available with Ubuntu Pro
vim-athena 2:8.1.2269-1ubuntu5.32+esm6
Available with Ubuntu Pro
vim-common 2:8.1.2269-1ubuntu5.32+esm6
Available with Ubuntu Pro
vim-gtk 2:8.1.2269-1ubuntu5.32+esm6
Available with Ubuntu Pro
vim-gtk3 2:8.1.2269-1ubuntu5.32+esm6
Available with Ubuntu Pro
vim-nox 2:8.1.2269-1ubuntu5.32+esm6
Available with Ubuntu Pro
vim-runtime 2:8.1.2269-1ubuntu5.32+esm6
Available with Ubuntu Pro
vim-tiny 2:8.1.2269-1ubuntu5.32+esm6
Available with Ubuntu Pro
xxd 2:8.1.2269-1ubuntu5.32+esm6
Available with Ubuntu Pro
Ubuntu 18.04 LTS
vim 2:8.0.1453-1ubuntu1.13+esm18
Available with Ubuntu Pro
vim-athena 2:8.0.1453-1ubuntu1.13+esm18
Available with Ubuntu Pro
vim-common 2:8.0.1453-1ubuntu1.13+esm18
Available with Ubuntu Pro
vim-gnome 2:8.0.1453-1ubuntu1.13+esm18
Available with Ubuntu Pro
vim-gtk 2:8.0.1453-1ubuntu1.13+esm18
Available with Ubuntu Pro
vim-gtk3 2:8.0.1453-1ubuntu1.13+esm18
Available with Ubuntu Pro
vim-nox 2:8.0.1453-1ubuntu1.13+esm18
Available with Ubuntu Pro
vim-runtime 2:8.0.1453-1ubuntu1.13+esm18
Available with Ubuntu Pro
vim-tiny 2:8.0.1453-1ubuntu1.13+esm18
Available with Ubuntu Pro
xxd 2:8.0.1453-1ubuntu1.13+esm18
Available with Ubuntu Pro
Ubuntu 16.04 LTS
vim 2:7.4.1689-3ubuntu1.5+esm33
Available with Ubuntu Pro
vim-athena 2:7.4.1689-3ubuntu1.5+esm33
Available with Ubuntu Pro
vim-athena-py2 2:7.4.1689-3ubuntu1.5+esm33
Available with Ubuntu Pro
vim-common 2:7.4.1689-3ubuntu1.5+esm33
Available with Ubuntu Pro
vim-gnome 2:7.4.1689-3ubuntu1.5+esm33
Available with Ubuntu Pro
vim-gnome-py2 2:7.4.1689-3ubuntu1.5+esm33
Available with Ubuntu Pro
vim-gtk 2:7.4.1689-3ubuntu1.5+esm33
Available with Ubuntu Pro
vim-gtk-py2 2:7.4.1689-3ubuntu1.5+esm33
Available with Ubuntu Pro
vim-gtk3 2:7.4.1689-3ubuntu1.5+esm33
Available with Ubuntu Pro
vim-gtk3-py2 2:7.4.1689-3ubuntu1.5+esm33
Available with Ubuntu Pro
vim-nox 2:7.4.1689-3ubuntu1.5+esm33
Available with Ubuntu Pro
vim-nox-py2 2:7.4.1689-3ubuntu1.5+esm33
Available with Ubuntu Pro
vim-runtime 2:7.4.1689-3ubuntu1.5+esm33
Available with Ubuntu Pro
vim-tiny 2:7.4.1689-3ubuntu1.5+esm33
Available with Ubuntu Pro
Ubuntu 14.04 LTS
vim 2:7.4.052-1ubuntu3.1+esm27
Available with Ubuntu Pro
vim-athena 2:7.4.052-1ubuntu3.1+esm27
Available with Ubuntu Pro
vim-common 2:7.4.052-1ubuntu3.1+esm27
Available with Ubuntu Pro
vim-gnome 2:7.4.052-1ubuntu3.1+esm27
Available with Ubuntu Pro
vim-gtk 2:7.4.052-1ubuntu3.1+esm27
Available with Ubuntu Pro
vim-lesstif 2:7.4.052-1ubuntu3.1+esm27
Available with Ubuntu Pro
vim-nox 2:7.4.052-1ubuntu3.1+esm27
Available with Ubuntu Pro
vim-runtime 2:7.4.052-1ubuntu3.1+esm27
Available with Ubuntu Pro
vim-tiny 2:7.4.052-1ubuntu3.1+esm27
Available with Ubuntu Pro
In general, a standard system update will make all the necessary
changes.
References:
https://ubuntu.com/security/notices/USN-8342-1
CVE-2026-41411
--===============8879668934646668398==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
