EXECUTIVE SUMMARY:
CVE-2026-0755 with a CVSS score of 9.8 is a critical vulnerability in the gemini-mcp-tool package, specifically affecting versions 1.1.2 to 1.1.5, which allows for OS command injection and arbitrary file exfiltration via prompt quoting. This vulnerability arises from the lack of proper input validation and quoting in the Gemini CLI, enabling an attacker to inject malicious commands or read sensitive files by manipulating the prompt input. An attacker can exploit this vulnerability by providing specially crafted input to the gemini-mcp-tool, potentially through a command-line interface or other means, requiring access to the system where the vulnerable package is installed. If successfully exploited, the attacker gains the capability to execute arbitrary system commands or exfiltrate sensitive files, such as password files or SSH private keys. The business impact of this vulnerability is significant, as it could lead to unauthorized access, data breaches, or disruption of critical systems. Exploitation of this vulnerability requires the attacker to have access to the system and the ability to provide input to the gemini-mcp-tool, and it is particularly severe on Windows systems due to the potential for unquoted cmd.exe metacharacters to facilitate OS command injection.[/subscribe_to_unlock_form]
EXECUTIVE SUMMARY:
CVE-2026-0755 with a CVSS score of 9.8 is a critical vulnerability in the gemini-mcp-tool package, specifically affecting versions 1.1.2 to 1.1.5, which allows for OS command injection and arbitrary file exfiltration via prompt quoting. This vulnerability arises from the lack of proper input validation and quoting in the Gemini CLI, enabling an attacker to inject malicious commands or read sensitive files by manipulating the prompt input. An attacker can exploit this vulnerability by providing specially crafted input to the gemini-mcp-tool, potentially through a command-line interface or other means, requiring access to the system where the vulnerable package is installed. If successfully exploited, the attacker gains the capability to execute arbitrary system commands or exfiltrate sensitive files, such as password files or SSH private keys. The business impact of this vulnerability is significant, as it could lead to unauthorized access, data breaches, or disruption of critical systems. Exploitation of this vulnerability requires the attacker to have access to the system and the ability to provide input to the gemini-mcp-tool, and it is particularly severe on Windows systems due to the potential for unquoted cmd.exe metacharacters to facilitate OS command injection.[emaillocker id="1283"]
RECOMMENDATION:
We recommend you to update gemini-mcp-tool to version 1.1.6.
REFERENCES:
The following reports contain further technical details:
https://github.com/advisories/GHSA-4h5r-5jm8-jxjm