CVE-2026-28418

EUVD-2026-9086
Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file, Vim can be tricked into reading up to 7 bytes beyond the allocated memory boundary. Version 9.2.0074 fixes the issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.4 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
vimvim
𝑥
< 9.2.0074
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
vim
bookworm
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
2:9.2.0461-1
fixed
sid
2:9.2.0524-1
fixed
trixie
vulnerable
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
gvim
suse enterprise sap 15 SP5
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP6
9.2.0110-150500.20.43.1
fixed
suse enterprise server 12 SP3
9.2.0110-17.59.1
fixed
suse enterprise server 12 SP5
9.2.0110-17.59.1
fixed
suse enterprise server 15 SP4
9.2.0110-150000.5.86.1
fixed
suse enterprise server 15 SP5
9.2.0110-150500.20.43.1
fixed
suse enterprise server 15 SP6
9.2.0110-150500.20.43.1
fixed
vim
suse enterprise desktop 15 SP7
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP5
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP6
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP7
9.2.0110-150500.20.43.1
fixed
suse enterprise server 12 SP3
9.2.0110-17.59.1
fixed
suse enterprise server 12 SP5
9.2.0110-17.59.1
fixed
suse enterprise server 15 SP4
9.2.0110-150000.5.86.1
fixed
suse enterprise server 15 SP5
9.2.0110-150500.20.43.1
fixed
suse enterprise server 15 SP6
9.2.0110-150500.20.43.1
fixed
suse enterprise server 15 SP7
9.2.0110-150500.20.43.1
fixed
vim-data
suse enterprise desktop 15 SP7
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP5
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP6
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP7
9.2.0110-150500.20.43.1
fixed
suse enterprise server 12 SP3
9.2.0110-17.59.1
fixed
suse enterprise server 12 SP5
9.2.0110-17.59.1
fixed
suse enterprise server 15 SP4
9.2.0110-150000.5.86.1
fixed
suse enterprise server 15 SP5
9.2.0110-150500.20.43.1
fixed
suse enterprise server 15 SP6
9.2.0110-150500.20.43.1
fixed
suse enterprise server 15 SP7
9.2.0110-150500.20.43.1
fixed
vim-data-common
suse enterprise desktop 15 SP7
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP5
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP6
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP7
9.2.0110-150500.20.43.1
fixed
suse enterprise server 12 SP3
9.2.0110-17.59.1
fixed
suse enterprise server 12 SP5
9.2.0110-17.59.1
fixed
suse enterprise server 15 SP4
9.2.0110-150000.5.86.1
fixed
suse enterprise server 15 SP5
9.2.0110-150500.20.43.1
fixed
suse enterprise server 15 SP6
9.2.0110-150500.20.43.1
fixed
suse enterprise server 15 SP7
9.2.0110-150500.20.43.1
fixed
vim-small
suse enterprise desktop 15 SP7
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP5
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP6
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP7
9.2.0110-150500.20.43.1
fixed
suse enterprise server 15 SP4
9.2.0110-150000.5.86.1
fixed
suse enterprise server 15 SP5
9.2.0110-150500.20.43.1
fixed
suse enterprise server 15 SP6
9.2.0110-150500.20.43.1
fixed
suse enterprise server 15 SP7
9.2.0110-150500.20.43.1
fixed
Common Weakness Enumeration
References
https://github.com/vim/vim/commit/f6a7f469a9c0d09e84cd6cb
https://github.com/vim/vim/releases/tag/v9.2.0074
https://github.com/vim/vim/security/advisories/GHSA-h4mf-vg97-hj8j
http://www.openwall.com/lists/oss-security/2026/02/27/7