Back to search
CVE-2026-28420
Published: Feb 27, 2026
Modified: Mar 2, 2026
PUBLISHED
CVSS v3.1
4.4
MEDIUM
Description
Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue.
| Vendor | Product | Versions |
|---|---|---|
vim | vim | affected < 9.2.0076 |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low
References
https://github.com/vim/vim/security/advisories/GHSA-rvj2-jrf9-2phg
x_refsource_CONFIRM
https://github.com/vim/vim/commit/bb6de2105b160e729c34063
x_refsource_MISC
https://github.com/vim/vim/releases/tag/v9.2.0076
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now