Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Vim Text Editor Crashes When Editing Certain Regular Expressions
CVE-2026-32249
Summary
Vim's text editor has a bug that can cause it to crash when editing certain regular expressions. This could happen if you use a specific type of character in a regular expression. To fix the issue, update to the latest version of Vim, which is 9.2.0137 or later.
Original title
Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a cha...
Original description
Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range (e.g. [0-0\u05bb]), incorrectly emits the composing bytes of that character as separate NFA states. This corrupts the NFA postfix stack, resulting in NFA_START_COLL having a NULL out1 pointer. When nfa_max_width() subsequently traverses the compiled NFA to estimate match width for the look-behind assertion, it dereferences state->out1->out without a NULL check, causing a segmentation fault. This vulnerability is fixed in 9.2.0137.
nvd CVSS3.1
5.3
Vulnerability type
CWE-476
NULL Pointer Dereference
Published: 12 Mar 2026 · Updated: 14 Mar 2026 · First seen: 12 Mar 2026