// Alert

Gemini threat report

// GeminiCRITICAL

A critical command injection vulnerability (CVE-2026-12537, CVSS 10.0) in Google's Gemini CLI and run-gemini-cli GitHub Action allows unprivileged remote attackers to execute arbitrary OS commands before sandbox initialization. Two root causes enable the exploit: automatic workspace trust in headless mode loading malicious .env files, and tool allowlist bypass in --yolo mode. Attackers can exploit prompt injection to exfiltrate CI secrets and push malicious code to repositories. Patches released: @google/gemini-cli v0.39.1/v0.40.0-preview.3 and run-gemini-cli v0.1.22.

// Get alerts for Gemini