Claude AI finds Vim, Emacs RCE bugs that trigger on file open

bleepingcomputer.com · akyuu · 6 days ago · view on HN · research
quality 9/10 · excellent
0 net
Tags
apple exploit malware microsoft rce
Claude AI finds Vim, Emacs RCE bugs that trigger on file open Home News Security Claude AI finds Vim, Emacs RCE bugs that trigger on file open Claude AI finds Vim, Emacs RCE bugs that trigger on file open By Bill Toulas March 31, 2026 05:45 PM 0 Vulnerabilities in the Vim and GNU Emacs text editors, discovered using simple prompts with the Claude assistant, allow remote code execution simply by opening a file. The assistant also created multiple versions of proof-of-concept (PoC) exploits, refined them, and provided suggestions to address the security issues. Vim and GNU Emacs are programmable text editors primarily used by developers and sysadmins for code editing, terminal-based workflows, and scripting. Vim in particular is widely used in DevOps, and is installed by default on most Linux server distributions, embedded systems, and macOS. Vim flaw and fix Hung Nguyen, a researcher at the boutique cybersecurity firm Calif, which specializes in AI red teaming and security engineering, found the issues in Vim after instructing Claude to find a remote code execution (RCE) zero-day vulnerability in the text editor triggered by opening a file. The Claude assistant analyzed Vim’s source code and identified missing security checks and issues in modeline handling, allowing code embedded in a file to be executed upon opening. A modeline is text placed at the beginning of a file that instructs Vim how to handle it. Even if the code was supposed to run in a sandbox, another problem allowed it to bypass the restriction and execute commands in the context of the current user. The vulnerability has not received a CVE ID and affects all versions of Vim 9.2.0271 and earlier. Nguyen reported the issue to the Vim maintainers, who promptly released a patch in Vim version 9.2.0272. The Vim team noted that a victim would only need to open a specially crafted file to trigger the vulnerability. “An attacker who can deliver a crafted file to a victim achieves arbitrary command execution with the privileges of the user running Vim,” reads the bulletin . GNU Emacs points to Git In the case of GNU Emacs, the vulnerability remains present, as the developer considers it Git’s responsibility to address. The problem stems from GNU Emacs’ version control integration (vc-git), where opening a file triggers Git operations via vc-refresh-state, which causes Git to read the .git/config file and run a user-defined core.fsmonitor program, which can be abused to run arbitrary commands. An attack scenario devised by the researcher involves creating an archive (e.g., an email or a shared drive) that contains a hidden .git/ directory with a config file pointing to an executable script. When the victim extracts the archive and opens the text file, the payload executes without any visible indicators on the GNU Emacs default configuration. GNU Emacs maintainers consider this a problem in Git, not the text editor, because the environment is merely the trigger for the dangerous action executed by Git: reading the attacker-controlled config and executing a program from it. While this argument is technically correct, since nothing is executed in GNU Emacs directly, the risk to the user exists since the editor is automatically running Git on untrusted directories without neutralizing dangerous options and without requiring user consent, or sanbox protections. Nguyen suggested that GNU Emacs could modify Git calls to explicitly block ‘core.fsmonitor,’ so any dangerous scripts/payloads wouldn’t be executed automatically when opening a file. As the flaw remains unpatched in the latest version of GNU Emacs, users are advised to exercise caution when opening files from unknown sources or downloaded online. Automated Pentesting Covers Only 1 of 6 Surfaces. Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other. This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation. Get Your Copy Now Related Articles: Hackers exploit React2Shell in automated credential theft campaign New Progress ShareFile flaws can be chained in pre-auth RCE attacks Hackers exploiting critical F5 BIG-IP flaw in attacks, patch now GIGABYTE Control Center vulnerable to arbitrary file write flaw Critical Fortinet Forticlient EMS flaw now exploited in attacks Emacs Git RCE Remote Code Execution Software Vim Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. Previous Article Next Article Post a Comment Community Rules You need to login in order to post a comment Not a member yet? Register Now You may also like: Upcoming Webinar Popular Stories Claude Code leak used to push infostealer malware on GitHub LinkedIn secretly scans for 6,000+ Chrome extensions, collects data Microsoft now force upgrades unmanaged Windows 11 24H2 PCs Sponsor Posts Attackers aren’t breaking in. They’re logging in. See how these intrusions unfold 5 Things to Measure in an AI-Driven SOC (That Didn't Exist Before) A unified control plane for all identities, human, non-human, and agentic. New fraud playbooks are circulating on the dark web — are you keeping up? Turn stolen data into useless noise in ransomware attack Upcoming Webinar Login Username Password Remember Me Sign in anonymously Sign in with Twitter Not a member yet? Register Now Reporter Help us understand the problem. What is going on with this comment? Spam Abusive or Harmful Inappropriate content Strong language Other Read our posting guidelinese to learn what content is prohibited. Submitting... SUBMIT
← Back to stories