CVE-2026-28422

CVSS v3.1

2.2

Low

Vector

AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0078

Description Vim is an open source, command line text editor. A stack-based buffer overflow occurs in the build stl str hl() function when rendering a statusline with a multi-byte fill character on a very wide terminal. This can potentially impact the integrity of protected information.

Recommendations Versions prior to 9.2.0078 should be updated to version 9.2.0078 or later.

Exploit

Fix

DoS

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121

Related Identifiers

AZL-78512

BDU:2026-02587

CVE-2026-28422

ECHO-F134-6EF2-2906

GHSA-GMQX-PRF2-8MWF

MGASA-2026-0049

OESA-2026-1565

SUSE-SU-2026:0910-1

SUSE-SU-2026:1051-1

SUSE-SU-2026:1095-1

USN-8101-1

Affected Products

Linuxmint

Red Os

Ubuntu

Vim

CVE-2026-28422

Weakness Enumeration

Related Identifiers

Affected Products

References · 73