{"data":{"id":"a67a6b02-65ce-4345-8a52-2e7c95f4dd10","title":"Max-severity RCE flaw found in Google Gemini CLI","summary":"A maximum-severity vulnerability in Google Gemini CLI allowed remote code execution (RCE, where attackers can run commands on a system they don't own) when the tool processed untrusted inputs in automated environments like CI/CD pipelines (automated workflows that test and deploy code). The flaw occurred because the CLI automatically trusted workspace configurations without verification, letting attackers inject malicious code that would execute before security protections kicked in.","solution":"The issue was fixed in @google/gemini-cli versions 0.39.1 and 0.40.0-preview.3, and in run-gemini-cli version 0.1.22. The patches removed implicit workspace trust in headless (non-interactive) environments and now require explicit trust decisions before loading workspace configurations. Additionally, the fix enforces stricter tool allowlisting (a list of permitted commands) to prevent command execution outside intended restrictions.\nWorkflows that pin a specific gemini-cli version are advised to upgrade to a patched release and review their existing Gemini CLI configurations.","labels":["security"],"sourceUrl":"https://www.csoonline.com/article/4165470/max-severity-rce-flaw-found-in-google-gemini-cli.html","publishedAt":"2026-04-30T11:31:34.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":["supply_chain"],"issueType":"news","affectedPackages":null,"affectedVendors":["Google"],"affectedVendorsRaw":["Google","Google Gemini CLI","@google/gemini-cli","run-gemini-cli GitHub Action"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-04-30T11:31:34.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}