Claude AI finds Vim, Emacs RCE bugs that trigger on file open

Published:

31 maart 2026 om 21:45:14

Alert date:

31 maart 2026 om 22:03:20

Source:

bleepingcomputer.com

Zero-Day Vulnerabilities, Enterprise Applications

Claude AI discovered remote code execution vulnerabilities in Vim and GNU Emacs text editors that can be triggered simply by opening a malicious file. These vulnerabilities were found using simple prompts with the Claude assistant, demonstrating AI's capability in vulnerability discovery. The bugs affect popular text editors widely used by developers and system administrators. The vulnerabilities allow attackers to execute arbitrary code when victims open specially crafted files. This represents a significant security risk given the widespread use of these editors in development environments.

Technical details

The Vim vulnerability involves missing security checks and issues in modeline handling that allow code embedded in a file to be executed upon opening. The vulnerability bypasses sandbox restrictions to execute commands in the current user context. The GNU Emacs vulnerability stems from version control integration (vc-git) where opening a file triggers Git operations via vc-refresh-state, causing Git to read .git/config file and run user-defined core.fsmonitor program for arbitrary command execution. Attack involves creating archives with hidden .git/ directories containing config files pointing to executable scripts.

Mitigation steps:

Update Vim to version 9.2.0272 or later
Exercise caution when opening files from unknown sources or downloaded online for GNU Emacs users
For GNU Emacs: modify Git calls to explicitly block 'core.fsmonitor' to prevent automatic execution of dangerous scripts

Affected products:

Vim versions 9.2.0271 and earlier
GNU Emacs (latest version remains vulnerable)