anonhaven
Ad

CVE-2026-28419

MEDIUM CVSS 3.1: 5.3 EPSS 0.00%
Updated Feb 28, 2026
Vim
Parameter Value
CVSS 5.3 (MEDIUM)
Type CWE-125 (Out-of-bounds Read), CWE-124
Vendor Vim
Public PoC No

Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory immediately preceding the allocated buffer.

Version 9.2.0075 fixes the issue.

Attack Parameters

Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
Low
Partial data leak
Integrity
Low
Partial data modification
Availability
Low
Partial disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-125 Out-of-bounds Read
CWE-124

References 4

https://github.com/vim/vim/commit/9b7dfa2948c9e1e5e32a5812
security-advisories@github.com
https://github.com/vim/vim/releases/tag/v9.2.0075
security-advisories@github.com
https://github.com/vim/vim/security/advisories/GHSA-xcc8-r6c5-hvwv
security-advisories@github.com
http://www.openwall.com/lists/oss-security/2026/02/27/8
af854a3a-2127-422b-91ae-364da2661108
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-33412

Vim

7.3

CVE-2026-28422

Vim

2.2

CVE-2026-28421

Vim

5.3

CVE-2026-28420

Vim

4.4

CVE-2026-28418

Vim

4.4