CVE-2026-28420

Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue.

Configurations

Configuration 1

cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*

History

04 Mar 2026, 20:47

Type Values Removed Values Added
Summary
  • (es) Vim is an open source, command line text editor. Prior to version 9.2.0076, there is a heap-based buffer overflow write and an out-of-bounds read in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue.
CPE cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*
First Time Vim vim
Vim
References () https://github.com/vim/vim/commit/bb6de2105b160e729c34063 - () https://github.com/vim/vim/commit/bb6de2105b160e729c34063 - Patch
References () https://github.com/vim/vim/releases/tag/v9.2.0076 - () https://github.com/vim/vim/releases/tag/v9.2.0076 - Product
References () https://github.com/vim/vim/security/advisories/GHSA-rvj2-jrf9-2phg - () https://github.com/vim/vim/security/advisories/GHSA-rvj2-jrf9-2phg - Patch, Vendor Advisory
References () http://www.openwall.com/lists/oss-security/2026/02/27/9 - () http://www.openwall.com/lists/oss-security/2026/02/27/9 - Mailing List, Patch, Third Party Advisory

28 Feb 2026, 01:16

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2026/02/27/9 -

27 Feb 2026, 22:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-02-27 22:16

Updated : 2026-03-04 20:47


NVD link : CVE-2026-28420

Mitre link : CVE-2026-28420

CVE.ORG link : CVE-2026-28420



Products Affected
CWE
CWE-122

Heap-based Buffer Overflow

CWE-125

Out-of-bounds Read