cvedb.io
CVE-2026-25749
MEDIUM · CVSS 6.6
EPSS exploitation probability: 0%
Published 2026-02-06T23:15:54.230 · Last modified 2026-06-17T10:25:09.910

Summary

Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the get_tagfname() function in src/tag.c. When processing help file tags, Vim copies the user-controlled 'helpfile' option value into a fixed-size heap buffer of MAXPATHL + 1 bytes (typically 4097 bytes) using an unsafe STRCPY() operation without any bounds checking. This issue has been patched in version 9.1.2132.

Affected products

neovim — neovim

Does this affect you?

Add your gear to cvedb and we'll alert you only when neovim ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.