CVE-2026-28421

ADVISORY - nist

Summary

Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (SEGV) exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.0077 fixes the issue.

EPSS Score⁠: 0.00012 (0.017)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-122⁠

Heap-based Buffer Overflow

CWE-20⁠

Improper Input Validation

ADVISORY - redhat

CWE-120⁠

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.