Skip to main content

Vim CVE-2026-28422

LOW
Stack-based Buffer Overflow (CWE-121)
2026-02-27 security-advisories@github.com
Buffer Overflow Vim
2.2
CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY
2.2 LOW
AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
Patch released
Mar 04, 2026 - 20:44 nvd
Patch available
CVE Published
Feb 27, 2026 - 22:16 nvd
LOW 2.2

DescriptionGitHub Advisory

Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in build_stl_str_hl() when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue.

AnalysisAI

Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in build_stl_str_hl() when rendering a statusline with a multi-byte fill character on a very wide terminal. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment CVSS 2.2 (LOW). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker could exploit this vulnerability to compromise the affected system.
Remediation A vendor patch is available — apply it immediately. Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

During next maintenance window: Apply vendor patches when convenient. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-47162 HIGH
7.3 Jun 11

Vimscript code injection in the netrw plugin shipped with Vim before 9.2.0495 allows attackers who can plant or have a v
CVE-2026-52859 MEDIUM
6.9 Jun 11

Out-of-bounds read in Vim's built-in terminal emulator (`:terminal` feature) prior to version 9.2.0565 allows a program

CVE-2026-47167 MEDIUM
5.1 Jun 11

Code injection via unsanitized step-definition patterns in Vim's cucumber filetype plugin allows arbitrary Ruby and shel

Share

CVE-2026-28422 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy