It was discovered that missing input sanitising in the ctags functionality of Emacs may result in the execution of arbitrary shell commands.