Stack Buffer Overflow in Vim's NetBeans Integration Affecting Open Source Text Editor
CVE-2026-26269

5.4MEDIUM

Key Information:

Vendor

Vim

Status
Vim
Vendor
CVE Published:
13 February 2026

What is CVE-2026-26269?

A stack buffer overflow vulnerability was identified in Vim's NetBeans integration prior to version 9.1.2148. This issue occurs in the specialKeys command, wherein the while loop in the special_keys() function writes unchecked data into a fixed-size stack buffer, allowing a malicious NetBeans server to exploit this flaw. By sending a crafted specialKeys command, attackers can potentially overwrite memory, leading to unpredictable behaviors and security risks. The vulnerability has been addressed in Vim patch version 9.1.2148, and users are urged to update to this version or later to mitigate risks.

Affected Version(s)

vim < 9.1.2148

References

https://github.com/vim/vim/security/advisories/GHSA-9w5c-...
x_refsource_CONFIRM
https://github.com/vim/vim/commit/c5f312aad8e4179e437f81a...
x_refsource_MISC
https://github.com/vim/vim/releases/tag/v9.1.2148
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.