
Critical Gemini CLI Vulnerability Exposes CI Workflows to Command Injection Attacks
A maximum-severity vulnerability in Google’s Gemini CLI and the run-gemini-cli A GitHub Action has been publicly disclosed, enabling unprivileged remote attackers to execute arbitrary OS commands on the host before the agent’s sandbox even initializes. Tracked as CVE-2026-12537 and assigned a perfect CVSS v4 score of 10.0, the flaw puts thousands of CI/CD pipelines at […]
The post Critical Gemini CLI Vulnerability Exposes CI Workflows to Command Injection Attacks appeared first on Cyber Security News.