By The Hacker News
Publication Date: 2026-04-30 07:07:00
Google has addressed a maximum severity security flaw in Gemini CLI — the “@google/gemini-cli” npm package and the “google-github-actions/run-gemini-cli” GitHub Actions workflow — that could have allowed attackers to execute arbitrary commands on host systems.
“The vulnerability allowed an unprivileged external attacker to force their own malicious content to load as Gemini configuration,” Novee Security said in a Wednesday report. “This triggered command execution directly on the host system, bypassing security before the agent’s sandbox even initialized.”
The shortcoming, which does not have a CVE identifier, carries a CVSS score of 10.0. It affects the following versions –
- @google/gemini-cli < 0.39.1
- @google/gemini-cli < 0.40.0-preview.3
- google-github-actions/run-gemini-cli < 0.1.22
In its advisory published last week, Google said the impact is limited to workflows using Gemini CLI in headless mode, adding that any use of the tool in headless mode without folder trust…
