Critical Gemini MCP Tool 0-Day Vulnerability Allows Remote Attackers to Execute Code

David kimber
January 28, 2026

A critical zero-day vulnerability has been identified in the Gemini MCP Tool. This flaw exposes users to remote code execution (RCE) attacks that require no authentication.

Tracked as ZDI‑26‑021 / ZDI‑CAN‑27783 and assigned CVE‑2026‑0755, the flaw carries a maximum CVSS v3.1 score of 9.8, reflecting its ease of exploitation and severe impact.

According to a new advisory from Trend Micro’s Zero Day Initiative (ZDI), the issue affects the open‑source gemini-mcp-tool, a utility designed to integrate Gemini models with Model Context Protocol (MCP) services.

Vulnerability Overview

The advisory lists both the vendor and the product as Gemini MCP Tool / gemini-mcp-tool. At the core of the vulnerability is the improper handling of user‑supplied input in the execAsync method.

This function passes that input directly into a system call without adequate validation or sanitization.

A remote attacker can exploit this command injection weakness to execute arbitrary code on the underlying system, running with the privileges of the service account.
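The weakness class described above, shown as an added Node.js illustration that is not code from gemini-mcp-tool or from the advisory: the same caller-supplied text is run once through a shell-parsed command string and once as a single argv element. The function names, the `echo` stand-in command, the token allowlist and the sample input are all assumptions made for the example.

```javascript
// Added illustration; not code from gemini-mcp-tool.
const { execSync, execFileSync } = require('node:child_process');

// Vulnerable pattern: caller-controlled text is concatenated into a string
// that /bin/sh parses, so shell metacharacters change what gets executed.
function runViaShell(userText) {
  return execSync(`echo ${userText}`, { encoding: 'utf8' });
}

// Hardened pattern: no shell is involved. The program is fixed and the
// caller's text is passed as one argv element, whatever it contains.
function runViaArgv(userText) {
  return execFileSync('echo', [userText], { encoding: 'utf8' });
}

// Defence in depth (hypothetical helper): accept only values that match a
// strict allowlist before they are used to start any process.
function assertPlainToken(value) {
  if (typeof value !== 'string' || !/^[A-Za-z0-9._-]{1,64}$/.test(value)) {
    throw new Error('rejected: value is not a plain token');
  }
  return value;
}

// Constructed input: a harmless second command stands in for hostile input.
const SAMPLE = 'hello; echo INJECTED';

function demo() {
  let rejected = false;
  try { assertPlainToken(SAMPLE); } catch (e) { rejected = true; }
  return {
    shell: runViaShell(SAMPLE), // the shell splits on ';' and runs both commands
    argv: runViaArgv(SAMPLE),   // the whole string is echoed back as data
    rejected,                   // the allowlist refuses the sample outright
  };
}

console.log(demo());
```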

| Field | Information |
|---|---|
| CVE ID | CVE-2026-0755 |
| 0‑Day Name | gemini-mcp-tool execAsync Command Injection RCE Vulnerability |
| CVSS v3.1 Score | 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) |
| Affected Product | gemini-mcp-tool |
| Impact | Remote, unauthenticated arbitrary code execution |

Because the attack vector is network‑based and requires no prior authentication or user interaction, internet‑exposed or shared environments are at particularly high risk.

The vulnerability was originally reported to the vendor on July 25, 2025, via a third‑party platform.

ZDI followed up for updates in November 2025 and, having received no sufficient response, informed the vendor on December 14, 2025, of its intention to publish the case as a zero‑day advisory.

The coordinated public disclosure and advisory update occurred on January 9, 2026.

At the time of publication, no official patch or update has been documented. As a result, mitigation options are limited.

ZDI recommends strictly restricting access to the Gemini MCP Tool by ensuring it is not directly exposed to the internet and limiting interaction to trusted networks and users.

Administrators should also monitor systems running gemini-mcp-tool for suspicious process execution and unusual outbound connections that could indicate successful exploitation.
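One way to turn the process-monitoring recommendation into a check, as an added sketch that is not from ZDI or the project: it walks process-creation events, tracks everything descended from the gemini-mcp-tool service, and reports descendants whose executable is not on an expected list. The event format, paths, pids and the expected list (`sh`, `node`, `gemini`) are assumptions to be tuned per deployment, and the sample events are constructed.

```javascript
// Added detection sketch; event schema and allowlist are assumptions.
const SERVICE_MARKER = 'gemini-mcp-tool';            // product name from the advisory
const EXPECTED = new Set(['sh', 'node', 'gemini']);  // assumption: tune per host

// Constructed process-creation events, oldest first, one JSON object per
// line, in the shape an EDR or audit pipeline might export. Not real data.
const SAMPLE_EVENTS = [
  '{"pid":100,"ppid":1,"cmd":"node /srv/example/gemini-mcp-tool/index.js"}',
  '{"pid":101,"ppid":100,"cmd":"/bin/sh -c (elided)"}',
  '{"pid":102,"ppid":101,"cmd":"/usr/local/bin/gemini"}',
  '{"pid":110,"ppid":100,"cmd":"/bin/sh -c (elided)"}',
  '{"pid":111,"ppid":110,"cmd":"/usr/local/bin/gemini"}',
  '{"pid":112,"ppid":110,"cmd":"/usr/bin/id"}',
  '{"pid":200,"ppid":1,"cmd":"/usr/sbin/cron -f"}',
  '{"pid":201,"ppid":200,"cmd":"/usr/bin/id"}',
  'truncated {"pid":',
];

// Executable name without directory or arguments.
function exeName(cmd) {
  return cmd.split(/\s+/)[0].split('/').pop();
}

// Returns events for processes that descend from the service but run an
// executable outside EXPECTED. Assumes events arrive in creation order.
function findUnexpectedDescendants(lines) {
  const tracked = new Set(); // pids of the service and all its descendants
  const alerts = [];
  for (const line of lines) {
    let ev;
    try { ev = JSON.parse(line); } catch { continue; } // skip malformed records
    if (!Number.isInteger(ev.pid) || typeof ev.cmd !== 'string') continue;
    if (exeName(ev.cmd) === 'node' && ev.cmd.includes(SERVICE_MARKER)) {
      tracked.add(ev.pid); // the service process itself
      continue;
    }
    if (!tracked.has(ev.ppid)) continue; // unrelated process tree
    tracked.add(ev.pid); // keep following children of children
    if (!EXPECTED.has(exeName(ev.cmd))) {
      alerts.push({ pid: ev.pid, ppid: ev.ppid, cmd: ev.cmd });
    }
  }
  return alerts;
}

console.log(findUnexpectedDescendants(SAMPLE_EVENTS));
```

The same `id` binary started under cron (pid 201) is not reported, because only the service's own process tree is tracked.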

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.
