Researchers at Novee Security discovered a critical remote code execution vulnerability in Gemini CLI that allowed malicious configurations in a workspace to execute arbitrary commands on the host before sandbox initialization. Google patched Gemini CLI and the run-gemini-cli GitHub Action after researchers warned the flaw could enable token theft, lateral movement, and supply-chain attacks within CI/CD pipelines.
Key points
- Novee Security identified a remote code execution vulnerability in Gemini CLI that auto-trusted workspace configurations.
- A malicious configuration could trigger arbitrary command execution on the host before any sandboxing occurred.
- Google released patches for both Gemini CLI and the run-gemini-cli GitHub Action.
- Successful exploitation could expose secrets, credentials, and source code, enabling token theft and lateral movement.
- The flaw could be leveraged in CI/CD to perform supply-chain attacks, and similar AI agent hijacks have been demonstrated via malicious GitHub comments.