CVE-2026-28421
HIGH EPSS 7.4%
Published Feb 27, 20264mo ago · Modified Mar 4, 20263mo ago
7.8 CVSS 3.1
Published Feb 27, 2026 4mo ago
Last Modified Mar 4, 2026 3mo ago
Description
Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (SEGV) exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.0077 fixes the issue.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
7.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 2
CWE-122
CWE-20 Improper Input Validation Validation
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| vim | vim | * | <9.2.0077 |
References 4
- openwall.com http://www.openwall.com/lists/oss-security/2026/02/27/10
- github.com https://github.com/vim/vim/commit/65c1a143c331c886dc28
- github.com https://github.com/vim/vim/releases/tag/v9.2.0077
- github.com https://github.com/vim/vim/security/advisories/GHSA-r2gw-2x48-jj5p
Remediation
- openwall.com http://www.openwall.com/lists/oss-security/2026/02/27/10
- github.com https://github.com/vim/vim/commit/65c1a143c331c886dc28
- github.com https://github.com/vim/vim/security/advisories/GHSA-r2gw-2x48-jj5p