{"data":{"id":"426b7587-c527-41fd-bc4f-4332bf2d4669","title":"CVE-2026-0755: gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attack","summary":"An OS command injection vulnerability (CWE-78) in gemini-mcp-tool's execAsync method allows remote attackers to execute arbitrary code (remote code execution, RCE) on systems running the tool, without authentication. The flaw exists because the tool does not properly validate user-supplied input before using it to run system commands, which lets attackers inject their own commands.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-0755","publishedAt":"2026-01-23T04:16:02.017Z","cveId":"CVE-2026-0755","cweIds":["CWE-78"],"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Google"],"affectedVendorsRaw":["gemini-mcp-tool","Google Gemini"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00515,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}