Description

Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file, Vim can be tricked into reading up to 7 bytes beyond the allocated memory boundary. Version 9.2.0074 fixes the issue.

INFO

Published Date :

2026-02-27T21:58:37.277Z

Last Modified :

2026-02-28T00:15:32.223Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-28418 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-28418.

URL Resource
https://github.com/vim/vim/commit/f6a7f469a9c0d09e84cd6cb cve-icon cve-icon
https://github.com/vim/vim/releases/tag/v9.2.0074 cve-icon cve-icon
https://github.com/vim/vim/security/advisories/GHSA-h4mf-vg97-hj8j cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact