{"data":{"id":"4db4a187-706f-46fc-9dfa-b6b0e0b2a6cc","title":"CVE-2026-12537: Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI (versions prior to 0.39.1)","summary":"A critical vulnerability (CVE-2026-12537) exists in Google Gemini CLI versions before 0.39.1 and in the run-gemini-cli GitHub Action before version 0.1.22. An attacker who can supply a specially crafted .gemini/.env file can run malicious code on the host system before sandbox protections activate (improper neutralization is a failure to filter dangerous characters from user input before using it in system commands). This affects headless CI (continuous integration, automated testing environments) platforms and has a maximum severity rating of 10.0.","solution":"Update Google Gemini CLI to version 0.39.1 or later, and update the run-gemini-cli GitHub Action to version 0.1.22 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-12537","publishedAt":"2026-06-24T14:17:29.630Z","cveId":"CVE-2026-12537","cweIds":["CWE-20"],"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Google"],"affectedVendorsRaw":["Google","Google Gemini CLI","run-gemini-cli GitHub Action"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-24T14:17:29.630Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}