anonhaven
Ad

CVE-2026-28422

LOW CVSS 3.1: 2.2 EPSS 0.01%
Updated Feb 28, 2026
Vim
Parameter Value
CVSS 2.2 (LOW)
Type CWE-121 (Stack-based Buffer Overflow)
Vendor Vim
Public PoC No

Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in `build_stl_str_hl()` when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue.

Attack Parameters

Attack Vector
Local
Requires local access
Attack Complexity
High
Difficult to exploit
Privileges Required
Low
Basic privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
None
No data leak
Integrity
Low
Partial data modification
Availability
None
No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-121 Stack-based Buffer Overflow

References 4

https://github.com/vim/vim/commit/4e5b9e31cb7484ad156f
security-advisories@github.com
https://github.com/vim/vim/releases/tag/v9.2.0078
security-advisories@github.com
https://github.com/vim/vim/security/advisories/GHSA-gmqx-prf2-8mwf
security-advisories@github.com
http://www.openwall.com/lists/oss-security/2026/02/27/11
af854a3a-2127-422b-91ae-364da2661108
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-33412

Vim

7.3

CVE-2026-28421

Vim

5.3

CVE-2026-28420

Vim

4.4

CVE-2026-28419

Vim

5.3

CVE-2026-28418

Vim

4.4