Packages
- vim - Vi IMproved - enhanced vi editor
Details
Rahul Hoysala discovered that Vim did not correctly handle certain tag
resolutions. An attacker could possibly use this issue to cause a denial
of service. (CVE-2026-25749)
It was discovered that Vim did not correctly handle processing certain
specialKey commands. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. (CVE-2026-26269)
Kim Dong Han discovered that Vim did not correctly handle opening certain
URLs. If a user or system were tricked into opening a specially crafted
file, an attacker could possibly use this issue to execute arbitrary code.
(CVE-2026-28417)
Kim Dong Han discovered that Vim did not correctly handle parsing
Emacs-style tag files. An attacker could possibly use this issue to cause
a denial of service. (
Rahul Hoysala discovered that Vim did not correctly handle certain tag
resolutions. An attacker could possibly use this issue to cause a denial
of service. (CVE-2026-25749)
It was discovered that Vim did not correctly handle processing certain
specialKey commands. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. (CVE-2026-26269)
Kim Dong Han discovered that Vim did not correctly handle opening certain
URLs. If a user or system were tricked into opening a specially crafted
file, an attacker could possibly use this issue to execute arbitrary code.
(CVE-2026-28417)
Kim Dong Han discovered that Vim did not correctly handle parsing
Emacs-style tag files. An attacker could possibly use this issue to cause
a denial of service. (CVE-2026-28418, CVE-2026-28419)
Kim Dong Han discovered that Vim did not correctly handle processing
maximum combining characters from Unicode supplementary planes. An attacker
could possibly use this issue to cause a denial of service or execute
arbitrary code. This issue only affected Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10.
(CVE-2026-28420)
Kim Dong Han discovered that Vim did not correctly handle swap file
recovery. An attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. (CVE-2026-28421)
Kim Dong Han discovered that Vim did not correctly handle rendering
status lines. An attacker could possibly use this issue to cause a denial
of service or execute arbitrary code. (CVE-2026-28422)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 25.10 questing | vim – 2:9.1.0967-1ubuntu6.1 | ||
| 24.04 LTS noble | vim – 2:9.1.0016-1ubuntu7.10 | ||
| 22.04 LTS jammy | vim – 2:8.2.3995-1ubuntu2.26 | ||
| 20.04 LTS focal | vim – 2:8.1.2269-1ubuntu5.32+esm2 | ||
| 18.04 LTS bionic | vim – 2:8.0.1453-1ubuntu1.13+esm14 | ||
| 16.04 LTS xenial | vim – 2:7.4.1689-3ubuntu1.5+esm29 | ||
| 14.04 LTS trusty | vim – 2:7.4.052-1ubuntu3.1+esm23 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.