Claude AI Unlocks Hidden Code in Vim, Emacs


Claude AI Finds Two Critical Vim 9.2 Bugs by Simply Asking

Have you ever opened a Vim or Emacs terminal and thought you were safe? You’re not. Recent testing shows Claude AI can easily find hidden security flaws in these popular editors just by asking for them, revealing two critical vulnerabilities that let attackers execute code simply by opening a file.

Hidden Flaws Found in Vim, Not by Humans, But by Claude

Modeline Execution in Vim 9.02

Researchers fed Claude a simple prompt: find a remote code execution zero-day in Vim. The AI didn’t need a Ph.D. in reverse engineering to spot the issues. The first flaw, tracked under advisory GHSA-2gmj-rpqf-pxvh, lies in how the editor handles modelines: a missing security check on the P_MLE option flag meant a malicious modeline could inject an expression string without the modelineexpr setting being enabled. The AI also found that the `autocmd_add()` function lacked a `check_secure()` call, which meant sandboxed code could register an autocommand that fires after the sandbox exits.

An attacker who can deliver a crafted file to a victim achieves arbitrary command execution with the privileges of the user running Vim. If you open a malicious `.vim` file, your terminal is compromised. The good news is that the Vim team acted fast, patching the issue in version 9.02. It’s a classic example of the security cycle working, albeit with a little help from AI.

Emacs and the Argument Over Git

Git Config Exploits in Emacs

When researchers applied the same approach to GNU Emacs, Claude found a flaw in its version control integration, specifically the `vc-git` module. The problem triggers when a file is opened, because `vc-git` calls Git to refresh the repository state. Git reads the user-controlled `.git/config` file, which can point to a program, and if that config is malicious, the program runs. The researchers demonstrated that by creating an archive with a hidden `.git` directory and a malicious config file, an attacker could execute arbitrary commands on a victim who merely extracted the archive and opened a text file from it.

The Maintenance Debate

Here’s where it gets messy. The GNU Emacs maintainers have pushed back, arguing that the problem isn’t in the editor—it’s in Git. Since Git made the config executable, they say, Git is the one that needs fixing, not Emacs. From a strict technical standpoint, they have a point. The environment is merely a trigger; Git is the one executing the payload. But from a practical standpoint, it leaves users with an unpatched high-severity vulnerability in a tool they use every day. It’s a contentious debate, and it highlights a larger issue: the sheer volume of code out there is too large for human teams to check alone.

Why AI is Changing the Game

Anthropic’s own red team data reinforces this concern, noting that Claude Opus 4.6 has already identified over 500 high-severity zero-days in production software. That’s not just a trend; it’s a paradigm shift. Calif has even launched a “MAD Bugs” initiative to keep the momentum going, running through the end of the year. So, is your editor safe? Probably, if you keep it updated. But with AI now capable of hunting down these bugs with simple prompts, the days of assuming open-source code is automatically secure are over.

Practitioner’s Perspective

For sysadmins and DevOps engineers, this news is a reminder that security isn’t a set-it-and-forget-it task. If you’re managing Linux servers, ensure your Vim is updated. On the Emacs side, you might need to get comfortable with a debate: do you patch the editor, or do you patch Git? Both are valid, but neither solves the user’s immediate risk. The takeaway? Always assume that opening a file from an untrusted source is a bad idea, regardless of the tool.
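A pre-open triage check that covers both findings above (the Vim modeline path and the planted `.git/config`), as an added example that is not part of the article or of either project's code. It assumes a list of Git config keys whose values Git runs as commands (`core.fsmonitor`, `core.pager`, and so on) and the Vim options that `modelineexpr` gates; the article names neither.

```python
"""Pre-open triage of an extracted archive (added example, not the article's code):
flag Vim modelines that set expression options, and .git/config values Git runs."""
import configparser
import re
from pathlib import Path

# Vim modeline syntax (:help modeline): marker at line start or after whitespace.
MODELINE_RE = re.compile(r"(?:^|\s)(?:[vV][iI][mM]?|ex):\s*(?:se(?:t)?\s+)?(?P<opts>.*)")
# Options that evaluate a Vim expression; 'modelineexpr' (the P_MLE flag) is meant to gate these.
EXPR_OPTS = {"foldexpr", "fde", "formatexpr", "fex", "includeexpr", "inex",
             "indentexpr", "inde", "statusline", "stl", "foldtext", "fdt"}
# Git config keys whose value Git executes. Assumed list for this example only.
CMD_KEYS = {"core.fsmonitor", "core.pager", "core.editor", "core.sshcommand",
            "core.gitproxy", "diff.external"}

def risky_modelines(text: str, modelines: int = 5) -> list[str]:
    """Return expression options set by modelines Vim would actually honour (first/last N lines)."""
    lines = text.splitlines()
    window = lines[:modelines] + lines[-modelines:] if len(lines) > 2 * modelines else lines
    hits = []
    for line in window:
        m = MODELINE_RE.search(line)
        if m:  # options are separated by unescaped whitespace or ':'
            for opt in re.split(r"(?<!\\)[\s:]+", m.group("opts")):
                if "=" in opt and opt.split("=", 1)[0] in EXPR_OPTS:
                    hits.append(opt)
    return hits

def risky_git_keys(config_text: str) -> list[str]:
    """Return 'section.key' entries of a .git/config whose value Git would run."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(config_text)
    hits = []
    for section in cfg.sections():
        for key in cfg[section]:  # configparser lower-cases keys, as Git does
            full = f"{section.lower()}.{key}"
            # filter "<name>" clean/smudge/process values are commands too
            is_filter = section.lower().startswith("filter ") and key in ("clean", "smudge", "process")
            if full in CMD_KEYS or is_filter:
                hits.append(full)
    return hits

def triage(root: Path) -> dict[str, list[str]]:
    """Walk the tree: .git/config gets the Git check, every other file the modeline check."""
    report: dict[str, list[str]] = {}
    for path in (p for p in root.rglob("*") if p.is_file()):
        text = path.read_text(errors="replace")
        hits = risky_git_keys(text) if path.parent.name == ".git" and path.name == "config" else risky_modelines(text)
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report
```

Run `triage(Path("extracted/"))` over the archive contents before opening anything from them; an empty report is a quick screen, not a guarantee.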