HCE2-SA-2026-0099 Important HCE 2.0 Security Fix(es): Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim_x27;s NetBeans integration when processing the specialKeys command, affecting Vim builds that enable and use the NetBeans feature. The Stack buffer overflow exists in special_keys() (in src/netbeans.c). The while (*tok) loop writes two bytes per iteration into a 64-byte stack buffer (keybuf) with no bounds check. A malicious NetBeans server can overflow keybuf with a single specialKeys command. The issue has been fixed as of Vim patch v9.1.2148. (CVE-2026-26269) Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim_x27;s tag file resolution logic when processing the _x27;helpfile_x27; option. The vulnerability is located in the get_tagfname() function in src/tag.c. When processing help file tags, Vim copies the user-controlled _x27;helpfile_x27; option value into a fixed-size heap buffer of MAXPATHL + 1 bytes (typically 4097 bytes) using an unsafe STRCPY() operation without any bounds checking. This issue has been patched in version 9.1.2132. (CVE-2026-25749) HCE 2.0 vim-common-9.0-1.r37.hce2.x86_64.rpm vim-enhanced-9.0-1.r37.hce2.x86_64.rpm vim-filesystem-9.0-1.r37.hce2.noarch.rpm vim-minimal-9.0-1.r37.hce2.x86_64.rpm vim-common-9.0-1.r37.hce2.aarch64.rpm vim-enhanced-9.0-1.r37.hce2.aarch64.rpm vim-minimal-9.0-1.r37.hce2.aarch64.rpm