GHSA-jj69-4grx-fqj5CriticalCVSS 7.8

Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI ...

Published
June 24, 2026
Last Modified
July 2, 2026

🔗 CVE IDs covered (1)

📋 Description

Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI (versions prior to 0.39.1) and run-gemini-cli GitHub Action (versions prior to 0.1.22) on headless CI platforms allows an unprivileged attacker to achieve pre-sandbox host-level code execution a maliciously crafted .gemini/.env file.

🔗 References (3)