7.8
Vim versions before 9.2.0077 may crash or leak memory
CVE-2026-28421
Summary
Versions of the Vim text editor before 9.2.0077 may crash or leak memory when they try to recover a corrupted swap file. This can happen if an attacker creates a specially crafted swap file. Upgrade to version 9.2.0077 or later to fix the issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| vim | vim | <= 9.2.0077 | – |
Original title
Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (SEGV) in Vim's swap file recovery logic. Both are caused by u...
Original description
Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (SEGV) in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.0077 fixes the issue.
NVD CVSS 3.1
7.8
Vulnerability type
CWE-20: Improper Input Validation
CWE-122: Heap-based Buffer Overflow
- https://github.com/vim/vim/commit/65c1a143c331c886dc28 (Patch)
- https://github.com/vim/vim/releases/tag/v9.2.0077 (Product)
- https://github.com/vim/vim/security/advisories/GHSA-r2gw-2x48-jj5p (Patch, Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2026/02/27/10 (Mailing List, Patch, Third Party Advisory)
Published: 27 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026