Description
Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans integration when processing the specialKeys command, affecting Vim builds that enable and use the NetBeans feature. The Stack buffer overflow exists in special_keys() (in src/netbeans.c). The while (*tok) loop writes two bytes per iteration into a 64-byte stack buffer (keybuf) with no bounds check. A malicious NetBeans server can overflow keybuf with a single specialKeys command. The issue has been fixed as of Vim patch v9.1.2148.
Published: 2026-02-13
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Stack Buffer Overflow
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a stack buffer overflow in Vim’s NetBeans integration. When processing the specialKeys command, the special_keys() routine writes two bytes per iteration into a 64‑byte buffer on the stack without performing bounds checking. A malicious NetBeans server can send a single, crafted specialKeys command that overflows this buffer, potentially corrupting the stack and enabling arbitrary code execution or a crash. The issue affects Vim builds that enable the NetBeans feature and was fixed by patch v9.1.2148.

Affected Systems

The affected product is the Vim text editor, which is open‑source and command‑line based. All Vim installations that enable the NetBeans feature and run a version older than v9.1.2148 are vulnerable. The fix is upstreamed in Vim release v9.1.2148 and later.

Risk and Exploitability

The CVSS score of 5.4 reflects moderate severity. The EPSS score of less than 1 % indicates a very low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be a malicious NetBeans server that can send the specialKeys payload. If an attacker controls such a server or influences the connection between Vim and a NetBeans server, they can trigger the overflow. Because the vulnerability requires a particular feature to be enabled and relies on a server interaction, the practical risk is moderate but the likelihood of exploitation is low.

Generated by OpenCVE AI on April 17, 2026 at 19:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Vim to version v9.1.2148 or newer, which contains the protective fix.
  • If the NetBeans integration is not required in your environment, disable the feature in Vim’s configuration to eliminate the vulnerable code path.
  • Limit the network connectivity between Vim and any NetBeans servers to trusted sources, ensuring that only authorized servers can issue specialKeys commands.

Generated by OpenCVE AI on April 17, 2026 at 19:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 18 Feb 2026 21:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*

Sat, 14 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Fri, 13 Feb 2026 22:30:00 +0000

Type Values Removed Values Added
References

Fri, 13 Feb 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Vim
Vim vim
Vendors & Products Vim
Vim vim

Fri, 13 Feb 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Feb 2026 19:30:00 +0000

Type Values Removed Values Added
Description Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans integration when processing the specialKeys command, affecting Vim builds that enable and use the NetBeans feature. The Stack buffer overflow exists in special_keys() (in src/netbeans.c). The while (*tok) loop writes two bytes per iteration into a 64-byte stack buffer (keybuf) with no bounds check. A malicious NetBeans server can overflow keybuf with a single specialKeys command. The issue has been fixed as of Vim patch v9.1.2148.
Title Vim has a Netbeans specialKeys Stack Buffer Overflow
Weaknesses CWE-121
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L'}

Subscriptions

Vim Vim
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-13T21:11:26.275Z

Reserved: 2026-02-12T17:10:53.413Z

Link: CVE-2026-26269

cve-icon Vulnrichment

Updated: 2026-02-13T21:11:26.275Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-13T20:17:41.377

Modified: 2026-02-18T21:29:03.767

Link: CVE-2026-26269

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-02-13T19:18:41Z

Links: CVE-2026-26269 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T20:00:09Z

Weaknesses