Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN172
_____________________________________________________________________

DATE                : 16/02/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Vim versions prior to 9.1.2148.

=====================================================================
https://github.com/vim/vim/security/advisories/GHSA-9w5c-hwr9-hc68
_____________________________________________________________________


NetBeans specialKeys Stack Buffer Overflow with Vim <9.1.2148
Moderate
chrisbra published GHSA-9w5c-hwr9-hc68 Feb 13, 2026

Package
No package listed

Affected versions
<9.1.2148

Patched versions
9.1.2148


Description

NetBeans specialKeys Stack Buffer Overflow with Vim <9.1.2148

Date: 13.02.2026
Severity: Medium
CVE: CVE-2026-26269
CWE: Stack-based Buffer Overflow (CWE-121)


Summary

A stack buffer overflow vulnerability exists in Vim's NetBeans 
integration when processing the specialKeys command, affecting
Vim builds that enable and use the NetBeans feature.

Stack buffer overflow exists in special_keys() (in src/netbeans.c).
The while (*tok) loop writes two bytes per iteration into a 64-byte 
stack buffer (keybuf) with no bounds check. A malicious NetBeans
server can overflow keybuf with a single specialKeys command.


Description

The vulnerability is located in the special_keys() function in
src/netbeans.c.

Vim allocates a fixed-size stack buffer of 64 bytes (KEYBUFLEN) and
writes attacker-controlled characters into it without performing any
bounds checking.

The vulnerable code path is triggered when:

    Vim is started with NetBeans integration enabled (e.g. -nb option)
    Vim connects to a NetBeans server
    The server sends a crafted specialKeys command containing a long
    token string
    The unchecked writes overflow the stack buffer

This issue was confirmed using AddressSanitizer.


Impact

This is a Stack-based Buffer Overflow (CWE-121). By sending a crafted
specialKeys command, a malicious or compromised NetBeans server can 
overwrite the stack, leading to:

    Denial of Service: Immediate crashing of the Vim process.
    Arbitrary Code Execution: Potential hijacking of the control flow 
    by overwriting the return address on the stack.

Attack Vector: While the NetBeans interface is legacy, it communicates 
over unencrypted TCP. An attacker could perform a Man-in-the-Middle
(MITM) attack to inject the malicious payload into an existing
NetBeans session.

The vulnerability requires user interaction to connect to a NetBeans 
server.

The severity is rated medium due to potential for code execution.


Acknowledgements

The Vim project would like to thank Haein Lee (github handle @haaeein)
for reporting this issue and providing detailed proof-of-concept code
demonstrating the vulnerability.


References

The issue has been fixed as of Vim patch v9.1.2148.

Commit
Github Advisory
Details

Severity
Moderate
5.4/ 10

CVSS v3 base metrics
Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

CVE ID
CVE-2026-26269

Weaknesses
Weakness CWE-121 


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================