CVE-2026-28422
LOW EPSS 3.9%
Published Feb 27, 20264mo ago · Modified Mar 4, 20263mo ago
2.2 CVSS 3.1
Published Feb 27, 2026 4mo ago
Last Modified Mar 4, 2026 3mo ago
Description
Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in `build_stl_str_hl()` when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction Required
Scope Unchanged
Confidentiality None
Integrity Low
Availability None
Threat Intelligence
EPSS Exploit Probability
3.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-121
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| vim | vim | * | <9.2.0078 |
References 4
- openwall.com http://www.openwall.com/lists/oss-security/2026/02/27/11
- github.com https://github.com/vim/vim/commit/4e5b9e31cb7484ad156f
- github.com https://github.com/vim/vim/releases/tag/v9.2.0078
- github.com https://github.com/vim/vim/security/advisories/GHSA-gmqx-prf2-8mwf
Remediation
- openwall.com http://www.openwall.com/lists/oss-security/2026/02/27/11
- github.com https://github.com/vim/vim/commit/4e5b9e31cb7484ad156f
- github.com https://github.com/vim/vim/security/advisories/GHSA-gmqx-prf2-8mwf