CVE-2026-28422

Vim has stack-buffer-overflow in build_stl_str_hl()

Description

Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in `build_stl_str_hl()` when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue.

INFO

Published Date :

2026-02-27T22:08:11.384Z

Last Modified :

2026-02-28T00:15:38.152Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2026-28422 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-28422.

URL	Resource
https://github.com/vim/vim/commit/4e5b9e31cb7484ad156f
https://github.com/vim/vim/releases/tag/v9.2.0078
https://github.com/vim/vim/security/advisories/GHSA-gmqx-prf2-8mwf

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact