Zero Day MonitorZDM

← Back to list

6.6

CVE-2026-25749PATCHED

vim · vim

Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vu

Description

Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the get_tagfname() function in src/tag.c. When processing help file tags, Vim copies the user-controlled 'helpfile' option value into a fixed-size heap buffer of MAXPATHL + 1 bytes (typically 4097 bytes) using an unsafe STRCPY() operation without any bounds checking. This issue has been patched in version 9.1.2132.

Affected Products

Vendor	Product	Versions
vim	vim	< 9.1.2132

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
canonical	ubuntu linux	cert_advisory	90%
fedora	fedora linux	cert_advisory	90%
open source	vim	cert_advisory	90%
oracle	oracle linux	cert_advisory	90%
red hat	red hat enterprise linux	cert_advisory	90%

References

https://github.com/vim/vim/commit/0714b15940b245108e6e9d7aa2260dd849a26fa9(Patch)
https://github.com/vim/vim/releases/tag/v9.1.2132(Product)
https://github.com/vim/vim/security/advisories/GHSA-5w93-4g67-mm43(Exploit, Patch, Vendor Advisory)

Related News (1 articles)

Tier B

BSI Advisories14h ago

[UPDATE] [mittel] vim: Schwachstelle ermöglicht Codeausführung

→ No new info (linked only)

CVSS 3.16.6 MEDIUM

VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

9.1.2132

CWECWE-122

PublishedFeb 6, 2026

Last enriched5h ago

Trending Score22

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-34714

Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.

MEDIUMCVE-2026-33412

Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n

MEDIUMCVE-2026-28420

Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combin

MEDIUMCVE-2026-28421

Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (SEGV) exist in Vim's swap file recovery logic. Both are caused by unva

MEDIUMCVE-2026-28418

Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-style tags file parsing logic. When processing a malfo

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Feb 6, 2026

Patch Available

Feb 20, 2026

Discovered by ZDM

Apr 1, 2026