A critical remote code execution vulnerability has been reported in the Google Gemini CLI and its associated GitHub Action. Assigned a maximum severity score of CVSS 10.0, the flaw allowed unprivileged external attackers to execute commands directly on host systems. This vulnerability effectively turned automated CI/CD pipelines into potential supply-chain attack vectors. Unlike typical AI exploits,
The post "Google Gemini CLI Vulnerabilities Allow Attackers to Execute Commands on Host Systems" appeared first on Cyber Security News.
