TL;DR: Emacs has a vulnerability (CVE-2024-53920) where viewing or editing Emacs Lisp code can run arbitrary code due to unsafe Lisp macro-expansion. This well-known issue has not been addressed, making most common configurations vulnerable. Exploitation involves crafting a malicious Emacs Lisp file that triggers code diagnosis, leading to arbitrary code execution. Automatic error checking and code completion features in .el files can be exploited. The Emacs maintainers are working on a fix, but until then, users are advised to be cautious with .el files and disable certain features. This vulnerability has been known for years, with no immediate solution in sight.
https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html