CVE-2026-28421

MEDIUM CVSS 3.1: 5.3 EPSS 0.01%
Updated Feb 28, 2026
Vim
CVSS: 5.3 (MEDIUM)
Affected Versions: before 9.2.0077
Type: CWE-20 (Improper Input Validation), CWE-122 (Heap-based Buffer Overflow)
Vendor: Vim
Public PoC: No

Vim is an open source, command-line text editor. In versions prior to 9.2.0077, a heap-buffer-overflow and a segmentation fault (SEGV) exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file.

Version 9.2.0077 fixes the issue.

Attack Parameters

Attack Vector: Local (requires local access)
Attack Complexity: Low (easy to exploit)
Privileges Required: None (no privileges needed)
User Interaction: Required (user action required)

Impact Assessment

Confidentiality: Low (partial data leak)
Integrity: Low (partial data modification)
Availability: Low (partial disruption)

CVSS Vector v3.1