Claude reportedly found zero-day RCE bugs in Vim and GNU Emacs, but one flaw is already patched
Anthropic’s Claude is at the center of a new security story after Calif said it used the model to uncover remote code execution bugs in both Vim and GNU Emacs. The Vim issue has already been fixed by maintainers, while the Emacs issue remains disputed because Calif says GNU Emacs maintainers attributed the root cause to Git rather than the editor itself.
The bigger takeaway is not just that an AI model found bugs. It is that researchers say they used very simple natural-language prompts, then got working proof-of-concept results against two widely used legacy editors. Calif presented the findings as part of its new “MAD Bugs” project, short for Month of AI-Discovered Bugs.
For Vim users, the practical advice is clear. The official GitHub security advisory says versions earlier than 9.2.0172 are affected, and the issue was fixed in patch v9.2.0172. Calif’s post also urges users to upgrade right away.
How the Vim bug worked
According to Calif, the Vim proof of concept allowed arbitrary command execution when a victim simply opened a crafted Markdown file. The researchers said they started with a short prompt telling Claude to find an RCE bug that triggers on file open, and the model eventually produced a valid exploit chain.
The official Vim advisory gives more technical detail. It says the bug chain involved the tabpanel option missing a safety flag, which allowed a modeline to inject an expression string without requiring modelineexpr to be enabled. The advisory adds that autocmd_add() lacked a check_secure() call, which let sandboxed code register an autocommand that fired after the sandbox exited.
That matters because it turns a routine action into a security risk. In plain terms, a user could open a malicious file and end up executing OS commands without expecting anything unusual to happen first. Vim rates the flaw as High severity with a CVSS score of 8.2.
Emacs is more complicated
Calif says it then turned to GNU Emacs after joking that switching editors might avoid the Vim issue. The group claims Claude also found an RCE-style path there, using a compressed archive that leads a victim to open a seemingly harmless text file. Calif says no Emacs prompt or confirmation dialog appears, and that the issue works with the default configuration.
The dispute starts with ownership of the problem. Calif’s public disclosure timeline says it reported the issue to GNU Emacs maintainers on March 28, 2026, and that maintainers declined to address it on March 30, attributing the issue to Git. Calif’s proposed fix targets vc-git.el, which supports the idea that the exploit path depends on Git integration rather than a pure editor-parsing bug in Emacs alone.
So the safest framing is this: Calif says Claude found an exploit path that reaches code execution through Emacs when opening a file in a crafted setup, but the maintainers do not appear to agree that Emacs itself should treat it as its own security flaw. That distinction matters for users because it affects how quickly a fix may arrive and where mitigations need to happen.
Why this story matters beyond Vim and Emacs
This report lands in a wider moment for AI-assisted security research. Anthropic has already said Claude found multiple real software flaws, including bugs in projects such as OpenSC and CGIF, and described cases where the model reasoned its way to bugs that traditional fuzzers had not focused on heavily.
That does not mean AI replaces human researchers. Calif still had to verify the results, build proof-of-concept exploits, and handle disclosure. Anthropic has also stressed human verification in its own security work, which matches the pattern here.
Still, the headline is hard to ignore. If a model can move from a simple natural-language prompt to a working exploit in mature software, bug hunting may become faster, cheaper, and far more scalable for both defenders and attackers. Calif openly compared the feeling to the early SQL injection era, when simple mistakes produced outsized impact.
What users should do now
- Update Vim immediately if you run a vulnerable version. The official advisory says versions earlier than 9.2.0172 are affected.
- Treat unsolicited files and archives with extra caution, especially if they came from email, chat, or shared folders.
- For Emacs setups that rely on Git integration, watch for guidance or mitigations from maintainers and downstream distributions.
- Security teams should assume AI-assisted bug discovery will keep accelerating and reduce the time between bug discovery and public exploitation. This is an inference from the speed and framing of both the Calif and Anthropic disclosures.
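A defender-side check for the first item above, added here as an example that is not code from Calif, the Vim project, or the original article: a POSIX shell function that parses the text of `vim --version` and reports whether the build is at or past the 9.2.0172 cutoff the advisory names. The sample output is constructed, and the function names are assumptions.

```shell
#!/bin/sh
# Classifies `vim --version` text against the advisory cutoff: builds
# earlier than 9.2.0172 are affected. Prints "patched", "affected" or
# "unknown" (header not recognised). Missing patch info is treated as
# patch level 0, so the result errs toward "affected".
FIXED_MAJOR=9
FIXED_MINOR=2
FIXED_PATCH=172

vim_patch_status() {
    text=$1
    # Header line looks like: "VIM - Vi IMproved 9.2 (2026 ..., compiled ...)"
    ver=$(printf '%s\n' "$text" \
        | sed -n 's/^VIM - Vi IMproved \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' \
        | head -n 1)
    if [ -z "$ver" ]; then
        echo unknown
        return 0
    fi
    major=${ver% *}
    minor=${ver#* }
    # Patch line looks like "Included patches: 1-172"; cherry-picked builds
    # append extras ("1-172, 180"), but only the contiguous range end counts.
    patch=$(printf '%s\n' "$text" \
        | sed -n 's/^Included patches: 1-\([0-9][0-9]*\).*/\1/p' \
        | head -n 1)
    if [ -z "$patch" ]; then
        patch=0
    fi
    if [ "$major" -gt "$FIXED_MAJOR" ] \
       || { [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -gt "$FIXED_MINOR" ]; } \
       || { [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -eq "$FIXED_MINOR" ] \
            && [ "$patch" -ge "$FIXED_PATCH" ]; }; then
        echo patched
    else
        echo affected
    fi
}

# Wrapper for the installed binary; "unknown" when vim is not on PATH.
check_installed_vim() {
    if command -v vim >/dev/null 2>&1; then
        vim_patch_status "$(vim --version 2>/dev/null)"
    else
        echo unknown
    fi
}

# Constructed sample of a build that predates the fix.
SAMPLE='VIM - Vi IMproved 9.2 (2026 Jan 01, compiled Feb 02 2026 10:00:00)
Included patches: 1-150'
echo "sample build: $(vim_patch_status "$SAMPLE")"
```

Run it on a fleet by piping each host's `vim --version` into `vim_patch_status`; anything other than "patched" is a host to upgrade or inspect.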
Quick comparison
| Software | Claimed trigger | Status | What users should do |
|---|---|---|---|
| Vim | Opening a crafted file, including Calif’s Markdown proof of concept | Patched | Upgrade to Vim 9.2.0172 or later |
| GNU Emacs | Opening a text file from a crafted archive in a Git-related setup | Disputed, no upstream fix noted in Calif disclosure | Avoid untrusted archives and monitor for mitigations |
FAQ
The confirmed part is that Vim published an official security advisory for GHSA-2gmj-rpqf-pxvh and patched the issue. Calif also publicly documented both proof-of-concept paths and its disclosure timeline.
Calif says Claude found them from simple prompts, but humans still validated the results and handled disclosure. Anthropic’s own security write-up also shows that human confirmation remains part of the process.
Calif says yes in the disclosed setup, but GNU Emacs maintainers reportedly declined to treat it as an Emacs bug and pointed to Git instead. That means the risk may be real in practice while responsibility for the fix remains contested.
AI-assisted vulnerability research now looks capable of finding serious bugs in mature software with surprising speed. The security challenge now shifts from discovery alone to fast verification, disclosure, and patching.