// GeminiCRITICAL
A critical command injection vulnerability (CVE-2026-12537, CVSS 10.0) in Google's Gemini CLI and run-gemini-cli GitHub Action allows unprivileged remote attackers to execute arbitrary OS commands before sandbox initialization. Two root causes enable the exploit: automatic workspace trust in headless mode loading malicious .env files, and tool allowlist bypass in --yolo mode. Attackers can exploit prompt injection to exfiltrate CI secrets and push malicious code to repositories. Patches released: @google/gemini-cli v0.39.1/v0.40.0-preview.3 and run-gemini-cli v0.1.22.
- Critical Gemini CLI Vulnerability Exposes CI Workflows to Comman(opens in a new tab)
- Critical Gemini CLI Vulnerability Lets Attackers Execute Arbitra(opens in a new tab)
// Get alerts for Gemini