CVE-2026-57454
Analyzed Analyzed - Analysis Complete

Out-of-Bounds Read in Vim Text Editor

Vulnerability report for CVE-2026-57454, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-25

Last updated on: 2026-06-26

Assigner: GitHub, Inc.

Description

Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays such a line it converts the offset into a pointer and reads the virtual text without bounds checking, causing an out-of-bounds read that can crash Vim or disclose adjacent heap memory. This vulnerability is fixed in 9.2.0679.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-25
Last Modified
2026-06-26
Generated
2026-07-16
AI Q&A
2026-06-25
EPSS Evaluated
2026-07-14
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
vim vim From 9.2.0320 (inc) to 9.2.0679 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-57454 is a security vulnerability in the Vim text editor that involves an out-of-bounds read issue with virtual-text properties stored in undo or swap files.

Specifically, a crafted undo or swap file can contain a virtual-text property whose offset and length point outside the valid range of the line's property data. When Vim restores or displays such a line, it converts this offset into a pointer and reads the virtual text without checking if it is within bounds.

This lack of bounds checking can cause Vim to read memory beyond the allocated buffer, potentially leading to a crash or disclosure of adjacent heap memory.

The vulnerability was introduced in Vim versions from 9.2.0320 through 9.2.0678 and was fixed in version 9.2.0679 by adding validation checks to ensure the virtual-text offset and length are within valid bounds before accessing the data.

Compliance Impact

The vulnerability in Vim (CVE-2026-57454) can lead to out-of-bounds reads that may disclose adjacent heap memory, potentially exposing sensitive information.

Such unintended disclosure of memory contents could impact confidentiality requirements under common standards and regulations like GDPR and HIPAA, which mandate protection of sensitive data.

However, exploitation requires a victim to open a malicious undo or swap file, making the attack complexity high and requiring user interaction.

Therefore, while the vulnerability poses a risk to confidentiality, its impact on compliance depends on the context of use and whether sensitive data could be exposed through this flaw.

Impact Analysis

This vulnerability can impact users by causing the Vim editor to crash unexpectedly when opening a maliciously crafted undo or swap file.

Additionally, it can lead to disclosure of adjacent heap memory, which may expose sensitive information stored in memory.

Exploitation requires a victim to open a specially crafted undo or swap file, so user interaction is necessary and the attack complexity is considered high.

Workarounds include avoiding loading undo files or recovering swap files from untrusted sources.

Detection Guidance

This vulnerability occurs when Vim opens a crafted undo or swap file containing a virtual-text property with an offset and length pointing outside the line's property data. Detection involves identifying if such malicious undo or swap files exist or are being loaded.

Since the vulnerability is triggered by opening a malicious undo or swap file in Vim, detection can focus on monitoring Vim usage and the integrity of undo and swap files.

There are no specific commands provided in the resources to detect this vulnerability directly on a system or network.

However, as a practical approach, you can check the Vim version installed on your system to determine if it is vulnerable by running:

  • vim --version

If the version is between 9.2.0320 and 9.2.0678 inclusive, the system is vulnerable. Also, monitoring for unexpected or suspicious undo or swap files in user directories might help identify potential exploitation attempts.

Mitigation Strategies

The primary mitigation is to upgrade Vim to version 9.2.0679 or later, where the vulnerability has been fixed by adding proper validation checks on the virtual-text property offsets and lengths.

Until the upgrade can be applied, avoid opening undo or swap files from untrusted or unknown sources, as exploitation requires opening a crafted undo or swap file.

Additionally, consider recovering swap files only from trusted backups and avoid loading undo files that may be corrupted or malicious.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57454. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart