32 matches found
CVE-2026-12537
Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI versions prior to 0.39.1 and run-gemini-cli GitHub Action versions prior to 0.1.22 on headless CI platforms allows an unprivileged attacker to achieve pre-sandbox host-level code execution a maliciously...
CVE-2026-12537
Summary (CVE-2026-12537) : The vulnerability affects Google Gemini CLI container launcher (versions prior to 0.39.1) and the run-gemini-cli GitHub Action (versions prior to 0.1.22) on headless CI platforms. It stems from improper neutralization in an OS command, enabling an unprivileged attacker ...
CVE-2026-12537 Unauthenticated Remote Code Execution in Gemini CLI CI/CD Workflows
Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI versions prior to 0.39.1 and run-gemini-cli GitHub Action versions prior to 0.1.22 on headless CI platforms allows an unprivileged attacker to achieve pre-sandbox host-level code execution a maliciously...
EUVD-2026-38790
Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI versions prior to 0.39.1 and run-gemini-cli GitHub Action versions prior to 0.1.22 on headless CI platforms allows an unprivileged attacker to achieve pre-sandbox host-level code execution a maliciously...
PT-2026-51788
Name of the Vulnerable Software and Affected Versions Google Gemini CLI versions prior to 0.39.1 run-gemini-cli GitHub Action versions prior to 0.1.22 Description An OS command injection flaw exists in the container launcher used on headless CI platforms. The issue stems from unsafe parsing and...
Malicious code in @ikyyofc/gemini-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5793a1cde3de83b8c15b49a0f9981d72fbf431067a4416ce6b2bd5650ea4a4d6 @ikyyofc/[email protected] ships two heavily obfuscated modules src/gemini.js and src/utils/proxy.js wrapped in an obfuscator.io-style string-array +...
GHSA-Q7RR-3CGH-J5R3 vulnerabilities
Vulnerabilities for packages: gemini-cli, cadence-web, kibana, langfuse, langfuse-fips, librechat...
CVE-2026-44902 vulnerabilities
Vulnerabilities for packages: gemini-cli, cadence-web, kibana, langfuse, langfuse-fips, librechat...
CVE-2026-42338 vulnerabilities
Vulnerabilities for packages: lerna, sqlpad, wazuh-dashboard-fips, pulumi, kubeflow-pipelines, gemini-cli, opensearch-dashboards, npm, tileserver-gl-fips, prism, code-server, renovate, opensearch-dashboards-fips, drupal, kibana, actions-runner, langfuse, wazuh-dashboard, langfuse-fips,...
Google Fixes CVSS 10 Gemini CLI Vulnerability Enabling GitHub Issue-Based RCE
Google patches a CVSS 10 Gemini CLI vulnerability that allowed hackers to use prompt injection and privilege escalation for a full supply chain compromise...
CVE-2026-41907 vulnerabilities
Vulnerabilities for packages: dbgate-fips, argo-workflows, jitsucom-jitsu, gitlab-rails-ce, sqlpad, wazuh-dashboard-fips, redisinsight, kubeflow-pipelines, gemini-cli, homepage, npm, opensearch-dashboards, dbgate, kubeflow-centraldashboard, py3-jupyterlab, prism, code-server, renovate,...
GHSA-WPQR-6V78-JR5G vulnerabilities
Vulnerabilities for packages: gemini-cli...
Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution
Google has addressed a maximum severity security flaw in Gemini CLI -- the "@google/gemini-cli" npm package and the "google-github-actions/run-gemini-cli" GitHub Actions workflow -- that could have allowed attackers to execute arbitrary commands on host systems. "The vulnerability allowed an...
@13w/local-rag (=2.0.0), @amodalai/cli (>=0.1.0 <=0.1.1) +30 more potentially affected by unknown CVE via @google/gemini-cli (>=0.11.3 <=0.39.0-nightly.20260411.0957f7d3e)
@google/gemini-cli NPM version =0.11.3, =0.1.0, =0.1.5, =0.1.0, =1.0.0, =0.0.17, =0.6.4, =0.0.1, =1.3.0, =0.1.10, =1.0.0, =2.0.0 and more Source cves: unknown CVE Source advisory: SNYK:JS-GOOGLEGEMINICLI-16301693...
Gemini CLI: Remote Code Execution via workspace trust and tool allowlisting bypasses
Summary Gemini CLI @google/gemini-cli and the run-gemini-cli GitHub Action are being updated to harden workspace trust and tool allowlisting, in particular when used in untrusted environments like GitHub Actions. This update introduces a breaking change to how non-interactive headless environment...
Command Injection
Overview @google/gemini-cli is a Gemini CLI Affected versions of this package are vulnerable to Command Injection via the processing of untrusted workspace folders in headless mode and the handling of tool allowlisting under --yolo mode. An attacker can execute arbitrary code by submitting...
GHSA-WPQR-6V78-JR5G Gemini CLI: Remote Code Execution via workspace trust and tool allowlisting bypasses
Summary Gemini CLI @google/gemini-cli and the run-gemini-cli GitHub Action are being updated to harden workspace trust and tool allowlisting, in particular when used in untrusted environments like GitHub Actions. This update introduces a breaking change to how non-interactive headless environment...
Malicious code in gemini-cli-vscode-ide-companion (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a98d87fa5f23a47c4b1ea2c0cecb3e88518985493c1b7f125299ecf8ee6dba1 The package gemini-cli-vscode-ide-companion was found to contain malicious code...
MAL-2026-2764 Malicious code in gemini-cli-vscode-ide-companion (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a98d87fa5f23a47c4b1ea2c0cecb3e88518985493c1b7f125299ecf8ee6dba1 The package gemini-cli-vscode-ide-companion was found to contain malicious code...
GHSA-26PP-8WGV-HJVM vulnerabilities
Vulnerabilities for packages: opensearch-dashboards-fips, gemini-cli, opensearch-dashboards, kibana, langfuse, langfuse-fips, librechat...