2439755 – (CVE-2026-26269) CVE-2026-26269 vim: Netbeans specialKeys stack buffer overflow

Bug 2439755 (CVE-2026-26269) - CVE-2026-26269 vim: Netbeans specialKeys stack buffer overflow

Summary: CVE-2026-26269 vim: Netbeans specialKeys stack buffer overflow

Keywords:
Status:	NEW
Alias:	CVE-2026-26269
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2440211
Blocks:
TreeView+	depends on / blocked

Reported:	2026-02-13 20:04 UTC by OSIDB Bzimport
Modified:	2026-02-16 14:00 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-02-13 20:04:17 UTC

Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans integration when processing the specialKeys command, affecting Vim builds that enable and use the NetBeans feature. The Stack buffer overflow exists in special_keys() (in src/netbeans.c). The while (*tok) loop writes two bytes per iteration into a 64-byte stack buffer (keybuf) with no bounds check. A malicious NetBeans server can overflow keybuf with a single specialKeys command. The issue has been fixed as of Vim patch v9.1.2148.

Note You need to log in before you can comment on or make changes to this bug.