Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.4
Vim Terminal Emulator Can Crash or Allow Unauthorized Access
CVE-2026-28420
Summary
Vim's terminal emulator has a bug that can cause it to crash or allow unauthorized access to your computer. This bug affects older versions of Vim and has been fixed in version 9.2.0076. To stay safe, make sure you're using the latest version of Vim.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| vim | vim | <= 9.2.0076 | – |
Original title
Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum com...
Original description
Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue.
nvd CVSS3.1
4.4
Vulnerability type
CWE-122
Heap-based Buffer Overflow
CWE-125
Out-of-bounds Read
- https://github.com/vim/vim/commit/bb6de2105b160e729c34063 Patch
- https://github.com/vim/vim/releases/tag/v9.2.0076 Product
- https://github.com/vim/vim/security/advisories/GHSA-rvj2-jrf9-2phg Patch Vendor Advisory
- http://www.openwall.com/lists/oss-security/2026/02/27/9 Mailing List Patch Third Party Advisory
Published: 27 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026