Multiple CVEs Found in Vim Affecting Ubuntu and SUSE Systems

Multiple CVEs Found in Vim Affecting Ubuntu and SUSE Systems

First seen 18 Mar 2026, 13:43 UTC Linuxsecurity 76% similarity 72.0

Article Content

Browse articles
ThreatCluster

Recent updates have revealed several critical vulnerabilities in Vim, affecting multiple versions of Ubuntu and SUSE Linux. The vulnerabilities include CVE-2026-25749, which allows for denial of service through improper tag resolution, and CVE-2026-26269, which can lead to arbitrary code execution via special key commands. Additionally, CVE-2026-28417 allows attackers to execute arbitrary code by tricking users into opening crafted URLs. The affected systems include Ubuntu versions from 14.04 to 25.10 and SUSE Linux distributions. Users are advised to update their systems to mitigate these vulnerabilities. The patches for these issues were released on 2026-03-18. The vulnerabilities were discovered by various researchers, including Rahul Hoysala and Kim Dong Han.

Key Points: • Multiple critical vulnerabilities in Vim affect various Ubuntu and SUSE versions. • CVE-2026-25749 and CVE-2026-26269 allow for denial of service and arbitrary code execution. • Users must update their systems immediately to mitigate these vulnerabilities.

ThreatCluster AI

Timeline

2025-07-15
CVE-2025-53906 published
2026-02-06
CVE-2026-25749 published
2026-02-13
CVE-2026-26269 published
2026-02-27
CVE-2026-28417 published
2026-02-27
CVE-2026-28419 published
2026-02-27
CVE-2026-28421 published
2026-02-27
CVE-2026-28418 published
2026-02-27
CVE-2026-28422 published
2026-02-27
CVE-2026-28420 published
2026-03-18
Patches released for vulnerabilities in Vim

Community

Browse all →