CVE-2026-26269Stack-based Buffer Overflow in VIM

CWE-121Stack-based Buffer Overflow7 documents6 sources
Severity
7.5HIGHNVD
OSV6.6
EPSS
0.0%
top 87.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
VIMDebian VIM
Timeline
PublishedFeb 13
Latest updateMar 16

Description

Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans integration when processing the specialKeys command, affecting Vim builds that enable and use the NetBeans feature. The Stack buffer overflow exists in special_keys() (in src/netbeans.c). The while (*tok) loop writes two bytes per iteration into a 64-byte stack buffer (keybuf) with no bounds check. A malicious NetBeans server can overflow keybuf with a single special

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages4 packages

NVDvim/vim< 9.1.2148
debiandebian/vim< vim 2:9.2.0119-1 (forky)
Debianvim/vim< 2:9.2.0119-1
Ubuntuvim/vim< 2:8.2.3995-1ubuntu2.26+6

Patches

Patch: github.comPatch: github.comPatch: www.openwall.com

🔴Vulnerability Details

2
OSV
vim vulnerabilities2026-03-16
OSV
CVE-2026-26269: Vim is an open source, command line text editor2026-02-13

📋Vendor Advisories

3
Ubuntu
Vim vulnerabilities2026-03-16
Red Hat
vim: Netbeans specialKeys stack buffer overflow2026-02-13
Debian
CVE-2026-26269: vim - Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buff...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-26269 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-26269 — Stack-based Buffer Overflow in VIM | cvebase