CRITICAL🇵🇱 Wersja polska

CVE-2026-12537

CVSS 10.0v4.0pub. 2026-06-24upd. 2026-07-02

Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI (versions prior to 0.39.1) and run-gemini-cli GitHub Action (versions prior to 0.1.22) on headless CI platforms allows an unprivileged attacker to achieve pre-sandbox host-level code execution a maliciously crafted .gemini/.env file.

🤖 AI Analysis
How it works

The vulnerability consists of improper input validation in the operating system command used in the container execution module (CWE-20 / Improper Input Validation / command injection). An attacker can place a maliciously crafted .gemini/.env file in a repository or project, and its contents will be passed to the system command without proper sanitization. As a result, code contained in the file is executed on the host before the sandbox isolation mechanisms are activated, completely bypassing containerization security on headless CI platforms.

Impact

An attacker can achieve full remote code execution (RCE) at the host system level before entering the sandbox environment, which can lead to compromise of the entire CI/CD environment, theft of secrets and tokens, and lateral movement within the infrastructure.

Mitigation & patch

Immediately update Google Gemini CLI to version 0.39.1 or later and GitHub Action run-gemini-cli to version 0.1.22 or later. Additionally, it is recommended to review the contents of .gemini/.env files in repositories for unauthorized modifications and restrict access to CI pipelines from untrusted code sources.

Who is affected

Google Gemini CLI in versions prior to 0.39.1 and GitHub Action run-gemini-cli in versions prior to 0.1.22, used on headless CI platforms.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear
  • Google Gemini Cli

    APP
    Google
    0.40.0< 0.39.1
  • Google Run Gemini Cli

    APP
    Google
    < 0.1.22
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEContainerCommand Injection
CWE
References

Related vulnerabilities

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2024-7971CRITICAL9.6⚠ KEVPL ✓ten sam vendor

Type confusion w V8 (Google Chrome/Edge) umożliwiający heap corruption

CVE-2024-5274CRITICAL9.6⚠ KEVPL ✓ten sam vendor

Type Confusion w V8 (Google Chrome) — RCE przez spreparowaną stronę HTML

CVE-2024-4947CRITICAL9.6⚠ KEVPL ✓ten sam vendor

Type Confusion w silniku V8 Chrome — zdalne wykonanie kodu (RCE)

CVE-2024-4671CRITICAL9.6⚠ KEVPL ✓ten sam vendor

Use-after-free w Google Chrome Visuals umożliwiający ucieczkę z sandbox