PT-2026-22420 · Vim+4

Ehdgks0627 · Published 2026-02-27 · Updated 2026-05-24 · CVE-2026-28421

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.2.0077

Description: Vim is an open-source, command-line text editor. Versions prior to 9.2.0077 contain a heap-buffer-overflow and a segmentation fault (SEGV) within the swap file recovery logic. These issues are triggered by unvalidated fields read from crafted pointer blocks within a swap file.

Recommendations: Versions prior to 9.2.0077 should be updated to version 9.2.0077 or later.

Exploit · Fix · DoS · RCE · Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2026:6915
ALSA-2026:7711
ALSA-2026:8259
AZL-78500
BDU:2026-02591
CVE-2026-28421
ECHO-6C94-1F29-8634
GHSA-R2GW-2X48-JJ5P
MGASA-2026-0049
OESA-2026-1565
RHSA-2026:6502
RHSA-2026:6539
RHSA-2026:6540
RHSA-2026:6617
RHSA-2026:6619
RHSA-2026:6620
RHSA-2026:6729
RHSA-2026:6730
RHSA-2026:6731
RHSA-2026:6736
RHSA-2026:6915
RHSA-2026:7711
RHSA-2026:8259
SUSE-SU-2026:0910-1
SUSE-SU-2026:1051-1
SUSE-SU-2026:1095-1
USN-8101-1

Affected Products

Linux Mint
RED OS
Rocky Linux
Ubuntu
Vim