CVE-2026-26269

EPSS 0.04%
Veröffentlicht 13.02.2026 19:18:41
Zuletzt bearbeitet 18.02.2026 21:29:03
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans integration when processing the specialKeys command, affecting Vim builds that enable and use the NetBeans feature. The Stack buffer overflow exists in special_keys() (in src/netbeans.c). The while (*tok) loop writes two bytes per iteration into a 64-byte stack buffer (keybuf) with no bounds check. A malicious NetBeans server can overflow keybuf with a single specialKeys command. The issue has been fixed as of Vim patch v9.1.2148.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Vim ≫ Vim Version < 9.1.2148

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.125

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	1.6	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
security-advisories@github.com	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

https://github.com/vim/vim/security/advisories/GHSA-9w5c-hwr9-hc68

Patch

Vendor Advisory

https://github.com/vim/vim/commit/c5f312aad8e4179e437f81ad39a860cd0ef11970

Patch

https://github.com/vim/vim/releases/tag/v9.1.2148

Release Notes

http://www.openwall.com/lists/oss-security/2026/02/13/2

Patch

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2026-26269