Heap-Based Buffer Overflow in Vim Command Line Text Editor
CVE-2026-28420

4.4MEDIUM

Key Information:

Vendor

Vim

Status
Vim
Vendor
CVE Published:
27 February 2026

What is CVE-2026-28420?

Vim, an open-source command line text editor, has reported a heap-based buffer overflow vulnerability in its terminal emulator. This issue arises when processing maximum combining characters from Unicode supplementary planes, leading to potential security risks. Users are advised to update to version 9.2.0076 or later to mitigate this vulnerability, ensuring the integrity and security of their text editing operations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

vim < 9.2.0076

References

https://github.com/vim/vim/security/advisories/GHSA-rvj2-...
x_refsource_CONFIRM
https://github.com/vim/vim/commit/bb6de2105b160e729c34063
x_refsource_MISC
https://github.com/vim/vim/releases/tag/v9.2.0076
x_refsource_MISC

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.