Rahul Hoysala discovered that Vim did not correctly handle certain tag resolutions. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-25749)

It was discovered that Vim did not correctly handle processing certain specialKey commands. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-26269)

Kim Dong Han discovered that Vim did not correctly handle opening certain URLs. If a user or system were tricked into opening a specially crafted file, an attacker could possibly use this issue to execute arbitrary code. (CVE-2026-28417)

Kim Dong Han discovered that Vim did not correctly handle parsing Emacs-style tag files. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-28418, CVE-2026-28419)

Kim Dong Han discovered that Vim did not correctly handle processing maximum combining characters from Unicode supplementary planes. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-28420)

Kim Dong Han discovered that Vim did not correctly handle swap file recovery. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-28421)

Kim Dong Han discovered that Vim did not correctly handle rendering status lines. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-28422)
Multiple vulnerabilities in Vim, including improper handling of tag resolutions, specialKey commands, and crafted URLs, can lead to denial of service or arbitrary code execution, primarily when a user is tricked into opening a malicious file. The CVSS scores for the three CVEs with published details range from 4.4 to 6.6 (MEDIUM). Affected upstream versions are Vim prior to 9.1.2132 for CVE-2026-25749, prior to 9.1.2148 for CVE-2026-26269, and prior to 9.2.0073 for CVE-2026-28417; users should upgrade to these respective fixed versions. Note that distribution packages such as Ubuntu's typically backport fixes without changing the upstream version number, so on those systems the package changelog, not the upstream version, is the authoritative indication of whether a fix is present.
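As an added example (not part of the advisory, and not Vim project code), the following script compares the upstream version reported by `vim --version` against the three fixed versions listed above and reports which of those CVEs a self-built or upstream-packaged Vim is still exposed to. The `vim --version` text embedded in the script is a constructed sample; the `FIXED_VERSIONS` table and the helper names are this example's own. The check is only meaningful for upstream builds: a distribution package may carry a backported fix under an older version number, so a hit here should be confirmed against the package changelog.

```python
import re
import subprocess

# Upstream Vim versions in which each CVE is fixed, as stated in the advisory.
# 9.2.0073 is the patch level 73 of the 9.2 series.
FIXED_VERSIONS = {
    "CVE-2026-25749": (9, 1, 2132),
    "CVE-2026-26269": (9, 1, 2148),
    "CVE-2026-28417": (9, 2, 73),
}

# Constructed sample of `vim --version` output (hypothetical build, not captured data).
SAMPLE_VIM_VERSION = """VIM - Vi IMproved 9.1 (2024 Jan 02, compiled Feb 20 2026 12:00:00)
Included patches: 1-2140
Compiled by user@host
Huge version without GUI.
"""


def parse_vim_version(output):
    """Return (major, minor, patch) from the text printed by `vim --version`.

    Vim prints its base version on the first line and the applied patch
    numbers on an "Included patches:" line, e.g. "1-2140" or "1-500, 600-610".
    The highest listed patch number is the effective patch level; a build
    with no patches line is treated as patch level 0.
    """
    m = re.search(r"VIM - Vi IMproved (\d+)\.(\d+)", output)
    if not m:
        raise ValueError("input does not look like `vim --version` output")
    major, minor = int(m.group(1)), int(m.group(2))
    p = re.search(r"Included patches:([^\n]*)", output)
    patch = max((int(n) for n in re.findall(r"\d+", p.group(1))), default=0) if p else 0
    return (major, minor, patch)


def still_affected(output, fixed=FIXED_VERSIONS):
    """List the CVEs whose fixed version is newer than the installed upstream version.

    Tuple comparison orders (major, minor, patch) lexicographically, which is
    exactly the upstream version ordering.
    """
    installed = parse_vim_version(output)
    return sorted(cve for cve, fix in fixed.items() if installed < fix)


if __name__ == "__main__":
    try:
        out = subprocess.run(["vim", "--version"], capture_output=True,
                             text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        out = SAMPLE_VIM_VERSION  # no vim on PATH: fall back to the constructed sample
    print("installed upstream version:", ".".join(map(str, parse_vim_version(out))))
    print("still affected (upstream versioning):", still_affected(out) or "none")
```

With the constructed sample (9.1 with patches 1-2140), the script reports CVE-2026-26269 and CVE-2026-28417 as outstanding and CVE-2026-25749 as fixed.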