Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range (e.g. [0-0\u05bb]), incorrectly emits the composing bytes of that character as separate NFA states. This corrupts the NFA postfix stack, resulting in NFA_START_COLL having a NULL out1 pointer. When nfa_max_width() subsequently traverses the compiled NFA to estimate match width for the look-behind assertion, it dereferences state->out1->out without a NULL check, causing a segmentation fault. This vulnerability is fixed in 9.2.0137.

The version of Vim installed on the remote host is between 9.1.0011 (inclusive) and 9.2.0137 (exclusive). It is, therefore, affected by a vulnerability as referenced in the GHSA-9phh-423r-778r advisory.

  - Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex     compiler, when encountering a collection containing a combining character as the endpoint of a     character range, incorrectly emits the composing bytes of that character as separate NFA states. This     corrupts the NFA postfix stack, resulting in NFA_START_COLL having a NULL out1 pointer. When     nfa_max_width() subsequently traverses the compiled NFA to estimate match width for the look-behind     assertion, it dereferences state->out1->out without a NULL check, causing a segmentation fault. This     vulnerability is fixed in 9.2.0137. (CVE-2026-32249)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f5d072060b advisory.

    patchlevel 148

    ----

    Security fixes for CVE-2026-28417, CVE-2026-28418, CVE-2026-28419, CVE-2026-28420, CVE-2026-28421,     CVE-2026-28422

    ---

    Security fix for CVE-2026-32249

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-1885157e34 advisory.

    patchlevel 148

    ----

    Security fixes for CVE-2026-28417, CVE-2026-28418, CVE-2026-28419, CVE-2026-28420, CVE-2026-28421,     CVE-2026-28422

    ----

    Security fix for CVE-2026-32249


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-7eaf665007 advisory.

    patchlevel 148

    Security fix for CVE-2026-32249

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex     compiler, when encountering a collection containing a combining character as the endpoint of a character     range (e.g. [0-0\u05bb]), incorrectly emits the composing bytes of that character as separate NFA states.
    This corrupts the NFA postfix stack, resulting in NFA_START_COLL having a NULL out1 pointer. When     nfa_max_width() subsequently traverses the compiled NFA to estimate match width for the look-behind     assertion, it dereferences state->out1->out without a NULL check, causing a segmentation fault. This     vulnerability is fixed in 9.2.0137. (CVE-2026-32249)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
303794	Vim >= 9.1.0011 < 9.2.0137 NULL Pointer Dereference (GHSA-9phh-423r-778r)	Nessus	Misc.	medium
303122	Fedora 44 : vim (2026-f5d072060b)	Nessus	Fedora Local Security Checks	high
302988	Fedora 42 : vim (2026-1885157e34)	Nessus	Fedora Local Security Checks	high
302530	Fedora 43 : vim (2026-7eaf665007)	Nessus	Fedora Local Security Checks	medium
302157	Linux Distros Unpatched Vulnerability : CVE-2026-32249	Nessus	Misc.	medium

Detections

Analytics

CVE-2026-32249

medium

Tenable Plugins

medium

high

high

medium

medium