CVE-2026-0755: gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attack
Summary
A vulnerability in gemini-mcp-tool's execAsync method allows attackers to run arbitrary code (RCE, or remote code execution) on systems using this tool without needing to log in. The flaw occurs because the tool doesn't properly check user input before running system commands, letting attackers inject malicious commands.
Vulnerability Details
EPSS: 0.5%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-0755
First tracked: February 15, 2026 at 08:51 PM
Classified by LLM (prompt v3) · confidence: 92%