CVE-2026-28419

ADVISORY - nist

Summary

Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory immediately preceding the allocated buffer. Version 9.2.0075 fixes the issue.

EPSS Score⁠: 0.00005 (0.003)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-124⁠

Buffer Underwrite ('Buffer Underflow')

CWE-125⁠

Out-of-bounds Read

ADVISORY - redhat

CWE-124⁠

Buffer Underwrite ('Buffer Underflow')

Impacted images

Advisories

NIST

CREATED

3 months ago

UPDATED

3 months ago

ADVISORY IDCVE-2026-28419⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-124⁠CWE-125⁠

CVSS SCORE

5.3medium

Alpine

CREATED

3 months ago

UPDATED

8 days ago

ADVISORY IDCVE-2026-28419⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

3 months ago

UPDATED

1 month ago

ADVISORY IDCVE-2026-28419⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

3 months ago

UPDATED

3 months ago

ADVISORY IDCVE-2026-28419⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6.6medium

Amazon

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDALAS2023-2026-1584⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Red Hat

CREATED

3 months ago

UPDATED

3 months ago

ADVISORY IDCVE-2026-28419⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-124⁠

CVSS SCORE

5.3medium

Photon

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CVE-2026-28419

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6.6medium