Zero Day MonitorZDM

← Back to list

4.4

CVE-2026-28420PATCHED

vim · vim

Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combin

Description

Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue.

Affected Products

Vendor	Product	Versions
vim	vim	< 9.2.0076

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
canonical	ubuntu linux	cert_advisory	90%
fedora	fedora linux	cert_advisory	90%
open source	vim	cert_advisory	90%
su	suse linux	cert_advisory	90%
su	suse opensuse	cert_advisory	90%

References

https://github.com/vim/vim/commit/bb6de2105b160e729c34063(Patch)
https://github.com/vim/vim/releases/tag/v9.2.0076(Product)
https://github.com/vim/vim/security/advisories/GHSA-rvj2-jrf9-2phg(Patch, Vendor Advisory)
http://www.openwall.com/lists/oss-security/2026/02/27/9(Mailing List, Patch, Third Party Advisory)

Related News (1 articles)

Tier B

BSI Advisories2d ago

[UPDATE] [mittel] vim: Mehrere Schwachstellen

→ No new info (linked only)

CVSS 3.14.4 MEDIUM

VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

CISA KEV❌ No

Actively exploited❌ No

Patch available

9.2.0076

CWECWE-122, CWE-125

PublishedFeb 27, 2026

Last enriched7h ago

Trending Score15

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-34714

Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.

MEDIUMCVE-2026-25749

Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vu

MEDIUMCVE-2026-33412

Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n

MEDIUMCVE-2026-28421

Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (SEGV) exist in Vim's swap file recovery logic. Both are caused by unva

MEDIUMCVE-2026-28418

Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-style tags file parsing logic. When processing a malfo

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Feb 27, 2026

Patch Available

Mar 4, 2026

Discovered by ZDM

Apr 1, 2026