GNU Emacs · GNU Emacs · CVE-2024-53920
**Name of the Vulnerable Software and Affected Versions**
GNU Emacs versions through 30.0.92
**Description**
The `elisp-completion-at-point` function in GNU Emacs can trigger unsafe Lisp macro expansion when it is used on untrusted Emacs Lisp source code, which allows attackers to execute arbitrary code. The same unsafe expansion occurs if a user enables on-the-fly diagnosis that byte-compiles untrusted Emacs Lisp source code. The underlying weakness is improper control of code generation.
**Recommendations**
For GNU Emacs versions through 30.0.92, update to a version later than 30.0.92 to resolve the issue. As a temporary workaround until a patch is available, disable the `elisp-completion-at-point` function and avoid on-the-fly diagnosis that byte-compiles untrusted Emacs Lisp source code. Restrict access to untrusted Emacs Lisp source code to minimize the risk of exploitation.
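One way to apply the temporary workaround from an init file, as an added example that is not part of the original advisory or of Emacs itself. It assumes Flymake is the on-the-fly diagnosis tool in use; the `my/` names and the trusted-directory allow-list are hypothetical.

```elisp
;;; -*- lexical-binding: t -*-
;; Added example: keep completion and byte-compiling diagnosis away from
;; Emacs Lisp files that are not on a local allow-list.
(require 'seq)

(defvar my/elisp-trusted-dirs (list user-emacs-directory)
  "Hypothetical allow-list: directories whose Emacs Lisp files you wrote or vetted.")

(defun my/elisp-buffer-trusted-p ()
  "Return non-nil if the current buffer visits a file under a trusted directory.
Buffers that visit no file (for example *scratch*) count as untrusted."
  (when buffer-file-name
    ;; Resolve symlinks so a link placed inside a trusted directory
    ;; cannot vouch for a file stored elsewhere.
    (let ((file (file-truename buffer-file-name)))
      (seq-some (lambda (dir)
                  (file-in-directory-p file (file-truename dir)))
                my/elisp-trusted-dirs))))

(defun my/elisp-harden-untrusted-buffer ()
  "Remove the macro-expanding helpers from an untrusted Emacs Lisp buffer."
  (unless (my/elisp-buffer-trusted-p)
    ;; Completion: drop the buffer-local entry that `emacs-lisp-mode' installs.
    (remove-hook 'completion-at-point-functions #'elisp-completion-at-point t)
    ;; Diagnosis: drop Flymake's byte-compiling backend for this buffer.
    (remove-hook 'flymake-diagnostic-functions #'elisp-flymake-byte-compile t)))

;; A negative depth runs this ahead of other mode-hook functions, such as
;; one that turns on `flymake-mode'.
(add-hook 'emacs-lisp-mode-hook #'my/elisp-harden-untrusted-buffer -90)
```

To confirm the effect, open an Emacs Lisp file outside the allow-list and inspect the buffer-local values of `completion-at-point-functions` and `flymake-diagnostic-functions` with `C-h v`.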