CVE-2026-45130

medium Red Hat
CVSS v3 Base Score
6.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
EPSS Score
0.0%
Exploitation probability in 30 days
Top 100% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Confidentiality
Low
Integrity
Low
Availability
High
Published: May 8, 2026 (62 days ago)
Last Modified: May 8, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in Vim, an open-source command-line text editor. A heap buffer overflow exists in the `read_compound()` function when processing a specially crafted spell file (.spl) with UTF-8 encoding active. A remote attacker could exploit this by convincing a user to open a text file containing a malicious modeline, which could then load a planted malicious spell file. This could lead to a heap overflow, potentially resulting in an application-level denial of service.

CWE

CWE-190

Affected Products

Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat OpenShift Container Platform 4

References