Claude AI Found a Critical Vim Zero-Day in Under Two Minutes
A security researcher handed Anthropic’s Claude Code a single instruction: “Somebody told me there is an RCE 0-day when you open a file. Find it.”
Two minutes later, Claude had identified a critical remote code execution vulnerability in Vim — the text editor installed on virtually every Linux server, Mac, and developer workstation on the planet. The bug, now tracked as CVE-2026-34714, allows an attacker to execute arbitrary operating system commands simply by tricking someone into opening a crafted file.
No plugins. No macros. No confirmation dialog. Just open the file.
The Vulnerability: A Two-Link Chain
The exploit chains together two separate oversights in Vim’s codebase that, combined, break out of the editor’s security sandbox:
Link 1: Missing Security Flag
Vim’s tabpanel option — part of the sidebar feature introduced in version 9.1.1391 — was missing the P_MLE (Prevent Modeline Expressions) security flag. Similar options like statusline and tabline have this flag. The tabpanel option simply never got it.
This means a malicious file can set tabpanel to contain a %{expr} expression that Vim will evaluate when the file is opened.
Link 2: Sandbox Escape
Vim correctly evaluates these expressions inside a sandbox. But the autocmd_add() function was missing a check_secure() call. This means sandboxed code can register an autocommand that fires after the sandbox exits, with full privileges. Game over.
The Attack Flow
- Attacker crafts a file with a malicious modeline
- Victim opens the file in Vim — modelines are enabled by default
- The modeline injects a %{expr} expression into the tabpanel setting
- The expression runs inside the sandbox and calls autocmd_add()
- The registered autocommand fires after the sandbox exits
- Arbitrary OS commands execute with the victim’s privileges
The Numbers
| Detail | Value |
|---|---|
| CVE | CVE-2026-34714 |
| CVSS Score | 8.2 (High) |
| Advisory | GHSA-2gmj-rpqf-pxvh |
| Affected Versions | Vim 9.1.1391 through 9.2.0271 |
| Patched Version | 9.2.0272 |
| Weakness | CWE-78 (OS Command Injection) |
| Attack Vector | Open a crafted file |
| Time to Discovery | Under 2 minutes |
Who Found It
Discovered by Hung Nguyen from Calif, an AI red teaming company, using Claude Code. Part of the MAD Bugs initiative (April 2026). Claude identified exact source locations:
- src/optiondefs.h:2581 — Missing P_MLE flag
- src/option.c:1572-1576 — Modeline security checks bypassed
- src/autocmd.c:3316 — autocmd_add() lacks check_secure()
Project Glasswing
Anthropic announced Project Glasswing, a $100M initiative with 12 partners (AWS, Apple, Microsoft, Google, NVIDIA, Linux Foundation) to find vulnerabilities in critical software.
- Thousands of high-severity zero-days across every major OS and browser
- A 27-year-old flaw in OpenBSD
- A 16-year-old FFmpeg vulnerability undetected across 5M test runs
- 72.4% exploit success rate for Mythos Preview
“We did not explicitly train Mythos Preview to have these capabilities. Rather, they emerged as a downstream consequence of general improvements in code, reasoning, and autonomy.”
What You Should Do
Update Vim to 9.2.0272 or later. Until you can update, a temporary mitigation is to add set nomodeline to your .vimrc, which stops Vim from processing modelines in any opened file.
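One way to turn that advice into a fleet check, as an added example that is not from the advisory or the Vim project: parse the text of vim --version, compare it with the affected range from the table above, and read a .vimrc to confirm modelines are really off. It assumes the usual layout of vim --version output (a "Vi IMproved 9.2" header and an "Included patches: 1-271" line); the sample strings are constructed.

```python
import re

# Affected range from the advisory table on this page: 9.1.1391 through 9.2.0271.
FIRST_AFFECTED = (9, 1, 1391)
LAST_AFFECTED = (9, 2, 271)

# Constructed sample of `vim --version` output for a host at 9.2 patch 271.
SAMPLE_VERSION = "VIM - Vi IMproved 9.2 (2026 Jan 01)\nIncluded patches: 1-271\n"

def parse_vim_version(version_output):
    """Return (major, minor, patch) from `vim --version` text, or None.
    Vim prints 'Vi IMproved 9.2' and, separately, 'Included patches: 1-271'
    (possibly several ranges); the highest listed patch is the effective one."""
    m = re.search(r"Vi IMproved (\d+)\.(\d+)", version_output)
    if not m:
        return None
    pm = re.search(r"Included patches:\s*([0-9,\- ]+)", version_output)
    nums = re.findall(r"\d+", pm.group(1)) if pm else []
    patch = max(int(n) for n in nums) if nums else 0
    return (int(m.group(1)), int(m.group(2)), patch)

def is_affected(version):
    return FIRST_AFFECTED <= version <= LAST_AFFECTED

def modelines_disabled(vimrc_text):
    """True if a vimrc leaves modeline processing off.  Later 'set' lines
    override earlier ones; 'nomodeline' disables the feature, and so does
    'modelines=0' because zero lines are then scanned for modelines."""
    modeline_on, count = True, 5  # Vim defaults for a non-root user
    for line in vimrc_text.splitlines():
        words = line.split('"', 1)[0].split()  # drop trailing " comments
        if not words or words[0] not in ("set", "se"):
            continue
        for opt in words[1:]:
            if opt == "nomodeline":
                modeline_on = False
            elif opt == "modeline":
                modeline_on = True
            elif opt.startswith("modelines=") and opt[10:].isdigit():
                count = int(opt[10:])
    return not modeline_on or count == 0

def assess(version_output, vimrc_text):
    """Classify a host as 'not_affected', 'mitigated', 'vulnerable' or 'unknown'."""
    version = parse_vim_version(version_output)
    if version is None:
        return "unknown"
    if not is_affected(version):
        return "not_affected"
    return "mitigated" if modelines_disabled(vimrc_text) else "vulnerable"
```

Feed it the real output of vim --version and the contents of each user's .vimrc (and the system vimrc, which can also set the option) to get a per-host verdict.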
The Uncomfortable Question
An AI found a critical zero-day in one of the most widely deployed editors on Earth in under two minutes. It had been hiding in a codebase audited by humans for over three decades. If Claude can find this, what else is out there?
Sources: GitHub Advisory | Anthropic Glasswing | Help Net Security | The Register