Security researchers are warning about a max severity vulnerability in Google Gemini CLI that could allow remote code execution (RCE) in environments where the tool processes untrusted inputs. The issue was disclosed by Novee Security researchers and affects the @google/gemini-cli package and its associated GitHub Action, widely used in CI/CD workflows. “Gemini CLI (@google/gemini-cli) and the run-gemini-cli GitHub Action are being updated to harden workspace trust and tool allowlisting, in particular when used in untrusted environments like GitHub Actions,” reads a GitHub advisory issued on the flaw. Google acknowledged the flaw and thanked security researchers Elad Meged from Novee Securit...