Skip to main content

Vim CVE-2026-28419

MEDIUM
Buffer Underwrite ('Buffer Underflow') (CWE-124)
2026-02-27 security-advisories@github.com
5.3
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.3 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
SUSE
MEDIUM
qualitative
Red Hat
5.3 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
Patch released
Mar 04, 2026 - 21:22 nvd
Patch available
CVE Published
Feb 27, 2026 - 22:16 nvd
MEDIUM 5.3

DescriptionGitHub Advisory

Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory immediately preceding the allocated buffer. Version 9.2.0075 fixes the issue.

AnalysisAI

Vim versions prior to 9.2.0075 contain a heap buffer underflow in the tags file parser that triggers when processing malformed tag files with delimiters at line starts, potentially allowing local attackers with user interaction to read out-of-bounds memory and cause information disclosure or crashes. The vulnerability requires local file system access and user interaction to exploit, with a CVSS score of 5.3 indicating medium severity. A patch is available in Vim 9.2.0075 and later versions.

Technical ContextAI

Affects Vim. Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory immediately preceding the allocated buffer. Version 9.2.0075 fixes the issue.

RemediationAI

A vendor patch is available — apply it immediately.

More in Vim

View all
CVE-2022-3520 CRITICAL POC
9.8 Dec 02

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765. Rated critical severity (CVSS 9.8), this vuln

CVE-2022-0729 HIGH POC
8.8 Feb 23

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. Rated high severity (CVSS 8.8), this

CVE-2026-34714 HIGH POC
8.6 Mar 30

{expr} payload embedded in a modeline to be evaluated even when the protective 'modelineexpr' setting is off (the defaul

CVE-2019-12735 HIGH POC
8.6 Jun 05

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via th

CVE-2021-3968 HIGH POC
8.0 Nov 19

vim is vulnerable to Heap-based Buffer Overflow. Rated high severity (CVSS 8.0), this vulnerability is remotely exploita

CVE-2023-4735 HIGH POC
7.8 Sep 02

Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847. Rated high severity (CVSS 7.8), this vulnerability i

CVE-2023-4781 HIGH POC
7.8 Sep 05

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873. Rated high severity (CVSS 7.8), this vulnerab

CVE-2023-4734 HIGH POC
7.8 Sep 02

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846. Rated high severity (CVSS 7.8), this vuln

CVE-2023-4733 HIGH POC
7.8 Sep 04

Use After Free in GitHub repository vim/vim prior to 9.0.1840. Rated high severity (CVSS 7.8), this vulnerability is no

CVE-2023-4750 HIGH POC
7.8 Sep 04

Use After Free in GitHub repository vim/vim prior to 9.0.1857. Rated high severity (CVSS 7.8), this vulnerability is no

CVE-2023-4736 HIGH POC
7.8 Sep 02

Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833. Rated high severity (CVSS 7.8), this vulnerability

CVE-2023-2610 HIGH POC
7.8 May 09

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. Rated high severity (CVSS 7.8), this vuln

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise High Performance Computing 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS Fixed
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS Fixed
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS Fixed
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS Fixed

Share

CVE-2026-28419 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy