Claude AI Finds Critical RCE Bugs in Vim and Emacs
Researchers used Anthropic's Claude to discover zero-day vulnerabilities in Vim and Emacs that allow code execution simply by opening a file.
Cybersecurity firm Calif used Anthropic’s Claude to uncover critical zero-day Remote Code Execution (RCE) vulnerabilities in both Vim and GNU Emacs. The discovery marks a shift in automated vulnerability research: the AI assistant identified logic errors that trigger as soon as a crafted text file is opened. For developers running these editors on local machines or remote servers, the only user action required is opening an attacker-supplied file, which is enough to execute code with the user’s privileges.
Vim Modeline Execution Path
The Vim vulnerability, tracked as GHSA-2gmj-rpqf-pxvh, stems from a flaw in how the editor processes modelines. Modelines are configuration instructions embedded in the first or last few lines of a file (the ‘modelines’ option, default 5); each one is handed to ‘:set’. Vim marks options whose values can contain expressions with the P_MLE flag and refuses to set them from a modeline unless ‘modelineexpr’ is enabled, which it is not by default. Claude identified that the ‘tabpanel’ option was missing that flag. A malicious modeline can therefore set ‘tabpanel’ to a value containing a %{expr} item, which Vim evaluates, circumventing the ‘modelineexpr’ restriction.
Vim does evaluate such expressions inside its sandbox, which is meant to block side effects such as defining autocommands. However, the autocmd_add() function reached from the expression lacks the check_secure() call that enforces the sandbox. The expression can therefore register an autocommand that does nothing while the sandbox is active and fires later, on an ordinary editor event, with full user privileges, yielding arbitrary OS command execution.
The flaw affects all Vim versions up to 9.2.0271. The Vim development team acknowledged the vulnerability and released a patch in version 9.2.0272.
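Because the advisory describes a single option that escaped the P_MLE check, a practitioner wants a scanner that does not depend on Vim’s own flag list. The following is an added example, not code from the advisory or the Vim project: it parses both modeline forms in the first and last ‘modelines’ lines of a file and flags any expression-bearing option being set, and, more generally, any option value carrying a %{...} item regardless of the option name. The EXPR_OPTIONS set and the short name ‘tpl’ for ‘tabpanel’ are assumptions of this scanner, and the SAMPLE input is constructed.

```python
"""Heuristic scanner for Vim modelines that smuggle expressions (added example).

Vim only honours modelines in the first and last 'modelines' lines of a file
(default 5), so that is all we look at.  Two things are flagged:
  * an option Vim treats as expression-bearing (the P_MLE set) being set at all,
  * any option value containing a %{...} item, whatever the option is called,
    so an option that is missing the flag still gets caught.
"""
import re
import sys

# Modeline prefix: start of line or whitespace, then vi:/vim:/Vim:/ex:,
# optionally with a version constraint such as vim<900: or vim=801:.
MODELINE_RE = re.compile(r"(?:^|\s)(?:vi|vim|Vim|ex)(?:[<=>]?\d+)?:\s*(.*)$")
# One :set argument: [no|inv]name, name!, name&, name=val, name+=val, name:val
OPT_RE = re.compile(r"^(no|inv)?([A-Za-z]+)(!|&|[+^-]?=|:)?(.*)$")

# Options whose value is (or embeds) an expression; Vim refuses these from a
# modeline unless 'modelineexpr' is set.  Long and short names both listed.
# 'tabpanel' is included because the advisory says it lacked the flag; its
# short name 'tpl' is assumed here.  (Assumed list, not taken from Vim source.)
EXPR_OPTIONS = {
    "foldexpr", "fde", "foldtext", "fdt", "formatexpr", "fex",
    "includeexpr", "inex", "indentexpr", "inde",
    "statusline", "stl", "tabline", "tal", "rulerformat", "ruf",
    "guitablabel", "gtl", "guitabtooltip", "gtt",
    "tabpanel", "tpl",
}


def _tokens(s, colon_ends):
    """Split option text on whitespace (and on ':' in the first modeline form).

    A backslash escapes the next character; an escaped ':' or blank becomes
    literal.  In the second form (vim: set ...:) the first unescaped ':' ends
    the option list.
    """
    toks, cur, i = [], [], 0
    while i < len(s):
        c = s[i]
        if c == "\\" and i + 1 < len(s):
            nxt = s[i + 1]
            cur.append(nxt if nxt in ": \t" else c + nxt)
            i += 2
            continue
        if c == ":" and colon_ends:
            break
        if c in ": \t":
            if cur:
                toks.append("".join(cur))
                cur = []
        else:
            cur.append(c)
        i += 1
    if cur:
        toks.append("".join(cur))
    return toks


def parse_modeline(line):
    """Return [(option_name, value_or_None), ...] for a modeline, else []."""
    m = MODELINE_RE.search(line)
    if not m:
        return []
    rest = m.group(1)
    second = re.match(r"se(?:t)?\s+(.*)$", rest)   # "vim: set ...:" form
    if second:
        toks = _tokens(second.group(1), colon_ends=True)
    else:
        toks = _tokens(rest, colon_ends=False)      # "vim: opt:opt ..." form
    opts = []
    for t in toks:
        om = OPT_RE.match(t)
        if om:
            _prefix, name, op, value = om.groups()
            opts.append((name, value if op else None))
    return opts


def scan_lines(lines, modelines=5):
    """Check only the lines Vim would; return (lineno, option, value, reason)."""
    n = len(lines)
    checked = sorted(set(range(min(modelines, n))) | set(range(max(0, n - modelines), n)))
    findings = []
    for i in checked:
        for name, value in parse_modeline(lines[i]):
            if name in EXPR_OPTIONS:
                findings.append((i + 1, name, value, "expression option set from modeline"))
            elif value is not None and "%{" in value:
                findings.append((i + 1, name, value, "%{...} item in option value"))
    return findings


def scan_text(text, modelines=5):
    return scan_lines(text.splitlines(), modelines)


# Constructed sample, not taken from the advisory: a benign modeline up top and
# a 'tabpanel' modeline at the bottom carrying a harmless %{...} item.
SAMPLE = """\
#!/bin/sh
# vim: set ts=4 sw=4 et:
echo hello
echo world
# vim:tabpanel=%{getcwd()}:ft=sh
"""


def report(path, findings):
    for lineno, name, value, reason in findings:
        print(f"{path}:{lineno}: {reason}: {name}={value!r}")


if __name__ == "__main__":
    if len(sys.argv) < 2:
        report("<sample>", scan_text(SAMPLE))
    for path in sys.argv[1:]:
        with open(path, errors="replace") as fh:
            report(path, scan_lines(fh.read().splitlines()))
```

Run it with no arguments to see the constructed sample flagged, or pass file paths (for example the contents of an untrusted archive) to scan them. The %{...} check is deliberately independent of EXPR_OPTIONS: it is the part that would have caught the ‘tabpanel’ case before anyone knew the flag was missing.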
Emacs Payload and Maintainer Response
Researchers subsequently prompted Claude to find a comparable zero-interaction RCE in GNU Emacs. The model produced a working proof-of-concept exploit. The Emacs attack vector relies on a victim extracting a compressed archive and opening an apparently benign text file from it; that routine developer action silently triggers execution of a malicious payload in the background.
Unlike the Vim vulnerability, the Emacs flaw remains unpatched as of March 31, 2026. The GNU Emacs maintainers disputed the vulnerability report. They assert the root cause lies in how Git handles repository data rather than a flaw in Emacs itself. Consequently, no immediate update is available for Emacs users.
Automated Vulnerability Research
The discovery process relied entirely on simple natural language instructions. A researcher prompted the model to find an RCE triggered by opening a file. Claude navigated the codebase, analyzed the editor’s security architecture, and located the specific missing flag. This autonomous navigation aligns with recent studies showing frontier models are highly capable at multi-step cyberattacks.
Calif has formalized this automated testing approach into an initiative called “MAD Bugs,” planning to release a continuous stream of AI-discovered vulnerabilities throughout April 2026. This follows data showing Claude Opus 4.6 has already identified over 500 high-severity zero-day vulnerabilities across established open-source projects, including Firefox. Security teams must now adapt their code review workflows to account for machine-speed vulnerability discovery.
If you run Vim in your development environment, update to version 9.2.0272 immediately. Where an update is not yet possible, adding `set nomodeline` to your vimrc disables modeline processing altogether and removes the entry point described in the advisory, at the cost of losing per-file settings. For Emacs users, exercise strict caution when opening files from untrusted compressed archives until the maintainers provide a definitive resolution. Isolate your development environments using containers or virtual machines to limit the blast radius of editor-based code execution.