Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
2.2
Vim fails to handle wide terminals with multi-byte characters
CVE-2026-28422
Summary
Vim's status line can crash if it's displayed on a very wide terminal with certain special characters. This affects older versions of Vim. Update to version 9.2.0078 or later to fix the issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| vim | vim | <= 9.2.0078 | – |
Original title
Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in `build_stl_str_hl()` when rendering a statusline with a multi-byte fill character on a ...
Original description
Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in `build_stl_str_hl()` when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue.
nvd CVSS3.1
2.2
Vulnerability type
CWE-121
Stack-based Buffer Overflow
- https://github.com/vim/vim/commit/4e5b9e31cb7484ad156f Patch
- https://github.com/vim/vim/releases/tag/v9.2.0078 Product
- https://github.com/vim/vim/security/advisories/GHSA-gmqx-prf2-8mwf Patch Vendor Advisory
- http://www.openwall.com/lists/oss-security/2026/02/27/11 Mailing List Patch Third Party Advisory
Published: 27 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026