VDB

CISA-2026-28419

CISA-2026-28419 PUBLISHED CVSS 5.3 MEDIUM

Reported by GitHub_M · Published February 27, 2026

Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory immediately preceding the allocated buffer. Version 9.2.0075 fixes the issue.

Risk Scores

CVSS 3.1
5.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected Products

VendorProductVersions
vimvim< 9.2.0075
vimvim< 9.2.0075, < 9.2.0075

Timeline

  • Feb 27, 2026 CVE Published
  • Mar 2, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›