Buffer Overflow Vulnerability in Vim Command Line Text Editor
CVE-2026-59857

5.6MEDIUM

Key Information:

Vendor

Vim

Status
Vendor
CVE Published:
9 July 2026

What is CVE-2026-59857?

A vulnerability exists in Vim, an open source command line text editor, where a buffer overflow can be triggered through the spell_soundfold_sal() function. This function improperly manages memory, allowing a length check to be bypassed, which can lead to an overflow when processing certain words. Specifically, if a boundary-length word is passed to the soundfold() function, it may overwrite memory beyond the allocated stack, potentially crashing the editor. This issue has been resolved in version 9.2.0725.

Affected Version(s)

vim < 9.2.0725

References

CVSS V4

Score:
5.6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.