CVE-2026-28420

Published February 27th, 2026

View on NVD ↗

CVSS v3

4.4

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue.

vim/vim

The official Vim repository

GitHub

40.6K