AZL-77592

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-77592.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-77592

Upstream

CVE-2026-26269

Published

2026-02-13T20:17:41Z

Modified

2026-04-01T05:23:09.421347Z

Summary

CVE-2026-26269 affecting package vim 9.1.1616-1

Details

Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans integration when processing the specialKeys command, affecting Vim builds that enable and use the NetBeans feature. The Stack buffer overflow exists in special_keys() (in src/netbeans.c). The while (*tok) loop writes two bytes per iteration into a 64-byte stack buffer (keybuf) with no bounds check. A malicious NetBeans server can overflow keybuf with a single specialKeys command. The issue has been fixed as of Vim patch v9.1.2148.

References

https://nvd.nist.gov/vuln/detail/CVE-2026-26269

Affected packages

Azure Linux:3 / vim

Package

Name: vim
Purl: pkg:rpm/azure-linux/vim

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

9.1.1616-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-77592.json"