{"data":{"id":"69abd017-72f5-44e3-81ef-8dcdf0e72d23","title":"Claude AI finds Vim, Emacs RCE bugs that trigger on file open","summary":"Claude AI helped discover remote code execution (RCE, where attackers can run commands on a system they don't own) vulnerabilities in Vim and GNU Emacs text editors that trigger simply by opening a malicious file. In Vim, the issue involved improper security checks in modeline handling (special instructions at the start of a file), while in GNU Emacs, the vulnerability exploits automatic Git operations that run user-defined programs from untrusted configuration files.","solution":"For Vim: A patch was released in version 9.2.0272 that addresses the vulnerability (all versions 9.2.0271 and earlier are affected). For GNU Emacs: The maintainers have not patched the issue, but the researcher suggested that GNU Emacs could modify Git calls to explicitly block 'core.fsmonitor' to prevent dangerous scripts from executing automatically. Until a patch is released, users are advised to exercise caution when opening files from unknown sources or downloaded online.","labels":["security"],"sourceUrl":"https://www.bleepingcomputer.com/news/security/claude-ai-finds-vim-emacs-rce-bugs-that-trigger-on-file-open/","publishedAt":"2026-03-31T21:45:14.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["other"],"issueType":"news","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Claude","Anthropic"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-03-31T21:45:14.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}