CVE-2026-28420

ADVISORY - nist

Summary

Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue.

EPSS Score⁠: 0.00006 (0.004)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-122⁠

Heap-based Buffer Overflow

CWE-125⁠

Out-of-bounds Read

ADVISORY - redhat

CWE-125⁠

Out-of-bounds Read

Impacted images

Advisories

NIST

CREATED

3 months ago

UPDATED

3 months ago

ADVISORY IDCVE-2026-28420⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-122⁠CWE-125⁠

CVSS SCORE

4.4medium

Alpine

CREATED

3 months ago

UPDATED

8 days ago

ADVISORY IDCVE-2026-28420⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

3 months ago

UPDATED

1 month ago

ADVISORY IDCVE-2026-28420⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

3 months ago

UPDATED

3 months ago

ADVISORY IDCVE-2026-28420⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

4.4medium

Amazon

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDALAS2023-2026-1584⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Red Hat

CREATED

3 months ago

UPDATED

3 months ago

ADVISORY IDCVE-2026-28420⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-125⁠

CVSS SCORE

4.4medium

Photon

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CVE-2026-28420

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

4.4medium