You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
netrw security
About this tag
The netrw security tag covers vulnerabilities and patching guidance for the netrw plugin bundled with Vim, particularly in Windows environments. Recent content focuses on CVE-2026-47162, a high-severity directory name injection flaw that allows arbitrary Vimscript execution when a crafted directory is opened. Microsoft disclosed this bug in its Security Update Guide, highlighting how open-source tools like Vim and netrw are part of the Windows attack surface, especially on developer workstations, WSL, and admin shells. Discussions emphasize that netrw security issues are not Windows kernel flaws but require careful patching and configuration to prevent code execution via malicious directory names.
Microsoft disclosed CVE-2026-47162 on June 11, 2026, as a high-severity Vim vulnerability in the bundled netrw plugin, where a crafted directory name can inject Vimscript into netrw’s history file and execute code when that file is later sourced. The bug is not a Windows kernel crisis, not a...