CVE-2026-32249 is a vulnerability identifier for a NULL pointer dereference in Vim's NFA regular expression engine, affecting versions prior to 9.2.0137. The flaw can be triggered by crafted input, potentially causing performance degradation or partial denial-of-service behavior. Microsoft's Security Response Center notes the impact as interruptions to resource availability rather than full denial of service or arbitrary code execution. The fix is included in Vim 9.2.0137. Discussions on WindowsForum cover the technical details, affected versions, and mitigation steps for this CVE.
-
A newly assigned vulnerability identifier, CVE-2026-32249, calls attention to a NULL pointer dereference in Vim’s NFA regular expression engine that affects versions prior to 9.2.0137. The flaw can be triggered by crafted input handled by the NFA engine and may cause performance degradation or...