Overview
- Security researcher Hung Nguyen at Calif used a vague, outcome-focused prompt in Claude to hunt for code execution triggered by simply opening a file in popular editors.
- Vim released version 9.2.0272 after Claude flagged missing checks in modeline handling that let commands run on file open, with the issue tracked as GHSA-2gmj-rpqf-pxvh.
- The Emacs path arises from its vc-git feature, which on open runs Git actions that read .git/config and can honor core.fsmonitor, creating a path for an attacker-controlled program to run.
- A workable attack packs a hidden .git directory in an archive and points core.fsmonitor to a payload, so a user who extracts it and opens the file in Emacs runs that code without prompts on default settings.
- Emacs maintainers point to Git as the root cause and no fix is in place, prompting advice to avoid untrusted files and fueling interest in AI-driven red teaming such as the new MAD Bugs effort.