Heap Buffer Overflow in Vim Command Line Text Editor
CVE-2026-28421

5.3MEDIUM

Key Information:

Vendor

Vim

Status
Vim
Vendor
CVE Published:
27 February 2026

What is CVE-2026-28421?

The Vim command line text editor has a vulnerability that allows for a heap buffer overflow due to improper validation of fields read from crafted pointer blocks within its swap file recovery mechanism. This flaw may lead to a segmentation fault, impacting the application’s stability. Users are advised to upgrade to version 9.2.0077, which addresses this issue effectively.

Affected Version(s)

vim < 9.2.0077

References

https://github.com/vim/vim/security/advisories/GHSA-r2gw-...
x_refsource_CONFIRM
https://github.com/vim/vim/commit/65c1a143c331c886dc28
x_refsource_MISC
https://github.com/vim/vim/releases/tag/v9.2.0077
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.