A critical vulnerability with a CVSS score of 10.0 has been discovered in Google's Gemini CLI, allowing an attacker to execute arbitrary code by submitting a pull request that includes a malicious configuration file. The exploit bypasses security measures because the malicious file is loaded before the agent's sandbox is activated. The incident is part of a larger trend of security breaches affecting AI tools, with other recent examples including CursorJacking and a supply chain attack on Vercel's AI tool.
Summary written by gemini-2.5-flash-lite from 1 source.
IMPACT: Highlights critical security flaws in AI agent trust models, potentially impacting enterprise adoption and requiring enhanced supply chain security.
RANK_REASON: Discovery of a critical vulnerability in an AI-powered command-line tool.