7.5

CVE-2026-26269

Vim has a Netbeans specialKeys Stack Buffer Overflow

Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans integration when processing the specialKeys command, affecting Vim builds that enable and use the NetBeans feature. The Stack buffer overflow exists in special_keys() (in src/netbeans.c). The while (*tok) loop writes two bytes per iteration into a 64-byte stack buffer (keybuf) with no bounds check. A malicious NetBeans server can overflow keybuf with a single specialKeys command. The issue has been fixed as of Vim patch v9.1.2148.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VimVim Version < 9.1.2148
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.28% 0.199
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 1.6 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
security-advisories@github.com 5.4 2.8 2.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

https://github.com/vim/vim/security/advisories/GHSA-9w5c-hwr9-hc68
Patch
Vendor Advisory
https://github.com/vim/vim/commit/c5f312aad8e4179e437f81ad39a860cd0ef11970
Patch
https://github.com/vim/vim/releases/tag/v9.1.2148
Release Notes
http://www.openwall.com/lists/oss-security/2026/02/13/2
Patch
Third Party Advisory
Mailing List