{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28421", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-27T15:54:05.136Z", "datePublished": "2026-02-27T22:06:34.312Z", "dateUpdated": "2026-03-02T21:53:26.613Z"}, "containers": {"cna": {"title": "Vim has a heap-buffer-overflow and a segmentation fault", "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "lang": "en", "description": "CWE-20: Improper Input Validation", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-122", "lang": "en", "description": "CWE-122: Heap-based Buffer Overflow", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/vim/vim/security/advisories/GHSA-r2gw-2x48-jj5p", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/vim/vim/security/advisories/GHSA-r2gw-2x48-jj5p"}, {"name": "https://github.com/vim/vim/commit/65c1a143c331c886dc28", "tags": ["x_refsource_MISC"], "url": "https://github.com/vim/vim/commit/65c1a143c331c886dc28"}, {"name": "https://github.com/vim/vim/releases/tag/v9.2.0077", "tags": ["x_refsource_MISC"], "url": "https://github.com/vim/vim/releases/tag/v9.2.0077"}], "affected": [{"vendor": "vim", "product": "vim", "versions": [{"version": "< 9.2.0077", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-27T22:06:34.312Z"}, "descriptions": [{"lang": "en", "value": "Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (SEGV) exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.0077 fixes the issue."}], "source": {"advisory": "GHSA-r2gw-2x48-jj5p", "discovery": "UNKNOWN"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/02/27/10"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-02-28T00:15:36.679Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-02T21:53:15.857016Z", "id": "CVE-2026-28421", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T21:53:26.613Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/02/27/10"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-02-28T00:15:36.679Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28421", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-02T21:53:15.857016Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T21:53:23.270Z"}}], "cna": {"title": "Vim has a heap-buffer-overflow and a segmentation fault", "source": {"advisory": "GHSA-r2gw-2x48-jj5p", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "vim", "product": "vim", "versions": [{"status": "affected", "version": "< 9.2.0077"}]}], "references": [{"url": "https://github.com/vim/vim/security/advisories/GHSA-r2gw-2x48-jj5p", "name": "https://github.com/vim/vim/security/advisories/GHSA-r2gw-2x48-jj5p", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/vim/vim/commit/65c1a143c331c886dc28", "name": "https://github.com/vim/vim/commit/65c1a143c331c886dc28", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/vim/vim/releases/tag/v9.2.0077", "name": "https://github.com/vim/vim/releases/tag/v9.2.0077", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (SEGV) exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.0077 fixes the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-27T22:06:34.312Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28421", "state": "PUBLISHED", "dateUpdated": "2026-03-02T21:53:26.613Z", "dateReserved": "2026-02-27T15:54:05.136Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-27T22:06:34.312Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B48DA98-DBD2-45D8-BE4E-B719CC3087C6", "versionEndExcluding": "9.2.0077", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (SEGV) exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.0077 fixes the issue."}, {"lang": "es", "value": "Vim es un editor de texto de c\u00f3digo abierto, de l\u00ednea de comandos. En las versiones anteriores a la 9.2.0077, existen un desbordamiento de b\u00fafer de pila y un fallo de segmentaci\u00f3n (SEGV) en la l\u00f3gica de recuperaci\u00f3n de archivos de intercambio de Vim. Ambos son causados por campos no validados le\u00eddos de bloques de puntero manipulados dentro de un archivo de intercambio. La versi\u00f3n 9.2.0077 corrige el problema."}], "id": "CVE-2026-28421", "lastModified": "2026-03-04T20:47:36.620", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-27T22:16:25.493", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/vim/vim/commit/65c1a143c331c886dc28"}, {"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/vim/vim/releases/tag/v9.2.0077"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/vim/vim/security/advisories/GHSA-r2gw-2x48-jj5p"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2026/02/27/10"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-122"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"bugzilla": {"description": "vim: Vim: Denial of service and information disclosure via crafted swap file", "id": "2443474", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443474"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-120", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-28421", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-02-27T22:06:34Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-28421\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-28421\nhttps://github.com/vim/vim/commit/65c1a143c331c886dc28\nhttps://github.com/vim/vim/releases/tag/v9.2.0077\nhttps://github.com/vim/vim/security/advisories/GHSA-r2gw-2x48-jj5p"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,9.2.0077)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "vim", "source": "cna", "vendor": "vim"}, "product": "vim", "vendor": "vim"}], "analysis": {"en": {"generated_at": "2026-04-17T13:51:36.857115+00:00", "value": {"mitigation_remediation": ["Update Vim to version 9.2.0077 or later, which removes the unsafe swap\u2011file recovery code.", "Disable automatic recovery of swap files in environments where Vim may handle untrusted or user\u2011generated content, thereby preventing accidental crashes from crafted swap files.", "Delete any existing swap files in directories that could be compromised to remove the trigger for the overflow."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Vim text editor from the Vim project. All releases older than v9.2.0077 are vulnerable. Upgrading to v9.2.0077 or later removes the unsafe swap\u2011file recovery code.", "description_and_impact": "Vim contains a heap\u2011buffer overflow that is executed during swap file recovery. The bug is triggered when Vim parses unvalidated pointer blocks inside a swap file, causing memory corruption and a segmentation fault. Based on the description, it is inferred that an attacker who can supply a crafted swap file processed by Vim can force the editor to crash, thereby denying service to users who rely on Vim for editing or configuration.", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate severity, and the EPSS score of less than 1% suggests that exploitation is unlikely at this time. The flaw is not listed in CISA\u2019s Known Exploited Vulnerabilities catalog. Exploitation requires an attacker to inject a malicious swap file that Vim will read during recovery; typical vectors include local file placement or, in contexts where Vim processes user\u2011supplied files (such as web or version\u2011control services), remote delivery of crafted swaps. No evidence points to remote code execution or other higher\u2011impact capabilities beyond application crash."}}}}, "created": "2026-03-02T12:04:36.047748+00:00", "updated": "2026-04-17T14:00:15.806855+00:00", "vendors": ["vim", "vim$PRODUCT$vim"]}