CVE-2026-12537 PUBLISHED

Unauthenticated Remote Code Execution in Gemini CLI CI/CD Workflows

Assigner: GoogleCloud
Reserved: 17.06.2026 Published: 24.06.2026 Updated: 24.06.2026

Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI (versions prior to 0.39.1) and run-gemini-cli GitHub Action (versions prior to 0.1.22) on headless CI platforms allows an unprivileged attacker to achieve pre-sandbox host-level code execution a maliciously crafted .gemini/.env file.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/U:Clear
CVSS Score: 10

Product Status

Vendor Google Cloud
Product Gemini CLI
Versions Default: unaffected
  • affected from 0 to 0.39.1 (excl.)
Vendor Google Cloud
Product run-gemini-cli GitHub Action
Versions Default: unaffected
  • affected from 0 to 0.1.22 (excl.)

Solutions

Ensure you are using the latest version of gemini cli and follow the best practices guide https://github.com/google-github-actions/run-gemini-cli/blob/main/docs/trust-guidance.md .

Credits

  • Elad Meged of Novee Security reporter
  • Devansh Batham reporter

References

Problem Types

  • CWE-20 Improper Input Validation CWE

Impacts

  • CAPEC-88 OS Command Injection