Critical Google Gemini CLI Vulnerabilities Let Attackers Run Commands

Jennifer Sherman
April 30, 2026

Key Takeaways

  • A critical remote code execution (RCE) vulnerability, rated CVSS 10.0, was discovered in Google’s Gemini CLI and its associated GitHub Action.
  • The flaw allowed unauthenticated attackers to execute arbitrary commands on host systems by exploiting how the CLI handled workspace trust in automated CI/CD environments.
  • This vulnerability bypassed traditional AI security measures like sandboxing and prompt injection defenses, affecting the underlying infrastructure.
  • Patches are available: Update @google/gemini-cli to version 0.39.1 or 0.40.0-preview.3, and google-github-actions/run-gemini-cli to version 0.1.22.

Critical Flaw in Google Gemini CLI Poses Supply Chain Threat

A severe remote code execution (RCE) vulnerability, scoring a maximum CVSS of 10.0, has been identified in the Google Gemini command-line interface (CLI) and its corresponding GitHub Action. This critical flaw enabled unauthorized external attackers to execute commands directly on host systems, effectively transforming automated CI/CD pipelines into potential vectors for supply chain attacks.

Notably, this exploit did not leverage common AI attack methods such as prompt injection or model manipulation. Instead, it was an infrastructure-level vulnerability that activated before the AI agents’ sandboxing mechanisms could even initialize, demonstrating a deeper architectural weakness.

Unpacking the Gemini CLI Vulnerability

The core of the issue resided in how the Gemini CLI managed workspace trust within non-interactive settings. When operating in a headless mode, typical for CI/CD jobs, the CLI automatically trusted the current workspace folder. This behavior meant it would load any agent configuration found in that directory without requiring human intervention, security reviews, or sandboxing.

An attacker could exploit this by introducing a malicious configuration file into a repository’s workspace, for instance, via a standard pull request. The Gemini agent would then implicitly trust and execute this file, leading to immediate code execution on the host machine running the workflow. Such host-level access grants an unprivileged outsider the ability to access sensitive data, including secrets, cloud credentials, and source code available to the workflow. This level of compromise is sufficient to facilitate token theft, enable supply-chain pivots, and allow lateral movement into downstream production environments.

Google Releases Patches

Google has promptly released security patches to mitigate this critical vulnerability. System administrators are urged to upgrade their environments without delay to prevent potential exploitation. The following patched versions address the unauthenticated execution flaw:

  • Update @google/gemini-cli to version 0.39.1 or 0.40.0-preview.3.
  • Update google-github-actions/run-gemini-cli to version 0.1.22.

According to Novee Research, AI coding agents frequently operate within development pipelines, often with the same execution privileges as trusted human contributors. This deep integration means that vulnerabilities within AI infrastructure present a significant supply-chain risk. The Gemini CLI flaw underscores that modern AI security must encompass the entire path from the model to the application, including shell tools, repository files, and deployment workflows.

Threat actors are increasingly targeting development pipelines to distribute malicious payloads at scale to downstream users. Recent notable software supply-chain incidents highlight this accelerating trend, including:

  • The compromise of millions of axios npm package installations in March 2026 due to a hijacked maintainer account.
  • The Shai-Hulud worm impacting hundreds of npm packages in 2025, deploying a data wiper in its v2.0 variant.
  • The discovery in 2024 of a backdoor in XZ Utils that allowed remote code execution through OpenSSH on affected Linux systems.
  • The Polyfill.io CDN hijack in 2024, which caused sites that had adopted its scripts to automatically download malicious code.

What You Should Do

  • Immediately update @google/gemini-cli to version 0.39.1 or 0.40.0-preview.3.
  • Immediately update google-github-actions/run-gemini-cli to version 0.1.22.
  • Review CI/CD pipeline configurations to ensure that automated workflows do not implicitly trust external or untrusted input.
  • Implement robust approval processes for pull requests, especially those that modify configuration files impacting build or deployment processes.
  • Regularly audit dependencies and integrated tools in your development pipeline for known vulnerabilities.
  • Consider segmenting build environments and using least-privilege principles for service accounts running CI/CD jobs.
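
The first two items can be checked mechanically. The following Python sketch is an added example, not code from Google or the Gemini CLI project: it applies the patched versions listed above to `@google/gemini-cli` version strings and to `uses:` lines in workflow files. The `v`-prefixed tag format, the treatment of every release after 0.40.0-preview.3 as fixed, and the sample workflow are assumptions made for the example.

```python
import re

# Patched releases named in the article.
CLI_FIXED = ("0.39.1", "0.40.0-preview.3")
ACTION_FIXED = "0.1.22"
# Assumption: the action is referenced by a v-prefixed version tag.
USES = re.compile(r"uses:\s*google-github-actions/run-gemini-cli@(\S+)")

def parse(v):
    """Turn 'X.Y.Z[-pre.N]' into a sortable key (semver order: prerelease < release)."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?", v.strip())
    if not m:
        raise ValueError(f"not a version: {v!r}")
    core = tuple(int(x) for x in m.group(1, 2, 3))
    if m.group(4) is None:
        return core, (1,)
    ids = tuple((0, int(p), "") if p.isdigit() else (1, 0, p)
                for p in m.group(4).split("."))
    return core, (0,) + ids

def cli_is_patched(version):
    """True if an @google/gemini-cli version is at or past a fixed release."""
    v = parse(version)
    stable_fix, preview_fix = (parse(f) for f in CLI_FIXED)
    if v >= preview_fix:  # assumption: later releases keep the fix
        return True
    # 0.39 line: fixed from 0.39.1 up to (not including) any 0.40.0 prerelease
    return stable_fix <= v < parse("0.40.0-0")

def audit_workflow(text):
    """Return (line_no, ref, status) for each run-gemini-cli reference."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = USES.search(line)
        if not m:
            continue
        try:
            ok = parse(m.group(1)) >= parse(ACTION_FIXED)
            status = "patched" if ok else "vulnerable"
        except ValueError:
            status = "unverifiable"  # branch name or commit SHA: check by hand
        findings.append((n, m.group(1), status))
    return findings

# Constructed sample workflow, not taken from a real repository.
SAMPLE = """jobs:
  review:
    steps:
      - uses: google-github-actions/run-gemini-cli@v0.1.21
      - uses: google-github-actions/run-gemini-cli@v0.1.22
      - uses: google-github-actions/run-gemini-cli@main
"""
```

References reported as `unverifiable` (branches or commit SHAs) cannot be compared by version and have to be resolved against the action's release history manually.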
