Vim Command Line Text Editor Vulnerability Affecting Specific Versions
CVE-2026-57451

5.3 MEDIUM

Key Information:

Vendor

Vim

Status
Vendor
CVE Published: 25 June 2026

What is CVE-2026-57451?

A buffer overflow vulnerability exists in the Vim text editor prior to version 9.2.0670. The issue is in the get_text_props() function in src/textprop.c. The function improperly processes a uint16 property count that is embedded inline after the text, so an attacker can declare a count larger than the number of data entries that actually follow. Consumers of that count then read beyond the end of the line buffer, potentially leading to unexpected behavior or crashes. An attacker can exploit the vulnerability by delivering a crafted undo file to the target system. Vim 9.2.0670 addresses the issue by adding checks that prevent such exploitation.
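The bug class described above, shown as an added example that is not Vim's code or the upstream patch: a declared entry count is validated against the bytes actually present before anything consumes it. The buffer layout, `PROP_SIZE`, and all function names are assumptions made for illustration, and the sample line is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, an assumption for illustration (not Vim's real layout):
 *   [text][NUL][uint16 count][count * PROP_SIZE bytes of entries]        */
#define PROP_SIZE 16u               /* hypothetical fixed entry size */

/* The pattern the advisory describes: the declared count is trusted. */
int prop_count_trusting(const unsigned char *line)
{
    uint16_t count;
    memcpy(&count, line + strlen((const char *)line) + 1, sizeof count);
    return count;                   /* never compared with the bytes present */
}

/* Hardened form: entries safe to read, or -1 if the line is malformed. */
int prop_count_checked(const unsigned char *line, size_t line_len)
{
    const unsigned char *nul = memchr(line, '\0', line_len);
    if (nul == NULL) return -1;                         /* unterminated text */
    size_t off = (size_t)(nul - line) + 1;
    if (off == line_len) return 0;                      /* no property block */
    if (line_len - off < sizeof(uint16_t)) return -1;   /* truncated count */
    uint16_t count;
    memcpy(&count, line + off, sizeof count);
    off += sizeof count;
    /* Dividing the remaining length avoids overflow in count * PROP_SIZE. */
    if ((size_t)count > (line_len - off) / PROP_SIZE) return -1;
    return (int)count;
}

/* Constructed sample: text "abc", a declared count, `actual` (<= 15) entries. */
int demo(uint16_t declared, size_t actual, int checked)
{
    unsigned char buf[256] = "abc";                 /* text plus its NUL */
    size_t len = 4;
    memcpy(buf + len, &declared, sizeof declared);
    len += sizeof declared + actual * PROP_SIZE;    /* entries are zero bytes */
    return checked ? prop_count_checked(buf, len) : prop_count_trusting(buf);
}

int main(void)
{
    printf("trusting=%d checked=%d\n", demo(1000, 1, 0), demo(1000, 1, 1));
    return 0;
}
```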

Affected Version(s)

vim < 9.2.0670

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
