PT-2026-8027 · Vim

Chrisbra · Published 2026-01-01 · Updated 2026-04-08 · CVE-2026-26269

CVSS v2.0: 7.6 (High)

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.1.2148

Description: Vim is a command-line text editor. A stack buffer overflow exists in Vim's NetBeans integration when processing the specialKeys command, affecting Vim builds that enable and use the NetBeans feature. The overflow occurs within the special_keys() function (located in src/netbeans.c) due to a lack of bounds checking in a while loop that writes data into a 64-byte stack buffer (keybuf). A malicious NetBeans server can exploit this by sending a crafted specialKeys command, potentially overflowing keybuf. The vulnerability is triggered when Vim is started with NetBeans integration enabled, connects to a NetBeans server, and receives the malicious command.

Recommendations: Versions prior to 9.1.2148 should be updated to version 9.1.2148 or later.
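
The bug class described above, a loop that writes into a 64-byte stack buffer without checking the write index, is shown below in its bounded form. This is an added illustration, not Vim's code and not the upstream patch; the helper name `expand_key` and the token layout (modifier letters, a dash, then a key name) are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

#define KEYBUFLEN 64   /* size of the stack buffer named in the advisory */

/* Hypothetical helper, not Vim's code. Expands one token of the assumed
 * form "<modifiers>-<key>" (e.g. "CS-F5") into "C-S-F5" inside out[].
 * Returns the length written, or -1 if the result would not fit. */
static int expand_key(const char *tok, char *out, size_t outlen)
{
    size_t i = 0, rest;
    const char *sep = strchr(tok, '-');

    if (outlen == 0)
        return -1;
    if (sep != NULL) {
        /* Each modifier letter produces TWO output bytes, so the bound
         * must be checked on the write index, not on the input length. */
        while (tok < sep) {
            if (i + 2 >= outlen)
                return -1;      /* the check an unbounded loop lacks */
            out[i++] = *tok++;
            out[i++] = '-';
        }
        tok = sep + 1;          /* skip the separator */
    }
    rest = strlen(tok);
    if (rest >= outlen - i)     /* leave room for the terminator */
        return -1;
    memcpy(out + i, tok, rest + 1);
    return (int)(i + rest);
}

/* Constructed inputs: one ordinary token, one with 40 modifier letters. */
static int demo_ok(void)
{
    char keybuf[KEYBUFLEN];
    int n = expand_key("CS-F5", keybuf, sizeof keybuf);
    return n == 6 && strcmp(keybuf, "C-S-F5") == 0;
}

static int demo_oversized(void)
{
    char tok[64], keybuf[KEYBUFLEN];
    memset(tok, 'C', 40);       /* would expand to 80 bytes, more than 64 */
    strcpy(tok + 40, "-F5");
    return expand_key(tok, keybuf, sizeof keybuf);
}

int main(void) { return (demo_ok() && demo_oversized() == -1) ? 0 : 1; }
```

The oversized token is rejected before any byte is written past the end of `keybuf`; a peer-controlled protocol field should fail closed like this rather than be truncated silently.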

Exploit

Fix

Stack Overflow

Weakness Enumeration

Related Identifiers

AZL-77592
AZL-77850
BDU:2026-05139
CVE-2026-26269
ECHO-D50C-D5DC-4726
GHSA-9W5C-HWR9-HC68
MGASA-2026-0042
OESA-2026-1429
OESA-2026-1497
OESA-2026-1498
OESA-2026-1499
OESA-2026-1500
OESA-2026-1501
OPENSUSE-SU-2026:20403-1
SUSE-SU-2026:0910-1
SUSE-SU-2026:1051-1
SUSE-SU-2026:1095-1
SUSE-SU-2026:20717-1
SUSE-SU-2026:20738-1
SUSE-SU-2026:20759-1
SUSE-SU-2026:20916-1
USN-8101-1

Affected Products

Linuxmint
Red Os
Ubuntu
Vim