What is the CVSS score of CVE-2026-45130?

CVE-2026-45130 has a CVSS 3.1 base score of 6.6 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H. EPSS exploitation probability: 0.0%.

Is there a patch available for CVE-2026-45130?

Yes, a patch is available for CVE-2026-45130. Update the affected software to the latest version immediately.

Red Hat CVE-2026-45130

MEDIUM

Heap-based Buffer Overflow (CWE-122)

2026-05-08 GitHub_M

Buffer Overflow Heap Overflow Red Hat

6.6

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

High

Lifecycle Timeline

CVE Published

May 08, 2026 - 22:42 nvd

MEDIUM 6.6

DescriptionNVD

Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-bit signed integer multiplication, causing a small buffer to be allocated for a write loop that runs many iterations, overflowing the heap. Because the 'spelllang' option can be set from a modeline, a text file modeline can trigger spell file loading if a malicious .spl file has been planted on the runtimepath. This issue has been patched in version 9.2.0450.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory