Critical RCE Vulnerability in Google Gemini CLI Exposes CI/CD Pipelines
Severity: High (Score: 72.8)
Sources: Hashnode, Gbhackers
Summary
Google has issued urgent security updates for its Gemini CLI and GitHub Action to address a critical vulnerability, identified as GHSA-wpqr-6v78-jr5g. This flaw allows for Remote Code Execution (RCE) attacks due to improper handling of workspace trust and tool allowlisting. The vulnerability affects CI/CD pipelines, potentially compromising automated workflows. The CVSS score for this vulnerability is 9.8, indicating a high level of severity. Users of Gemini CLI prior to version 0.17.2 are particularly at risk. Google has recommended immediate updates to mitigate the risk. The vulnerability was publicly disclosed on April 24, 2026. Security professionals are advised to review their configurations and apply the necessary patches.
Key Points:
- A critical RCE vulnerability in Google Gemini CLI has a CVSS score of 9.8.
- The flaw affects CI/CD pipelines, allowing potential compromise of automated workflows.
- Users are urged to update to Gemini CLI version 0.17.2 or later immediately.
Key Entities
- Remote Code Execution (attack_type)
- Supply Chain Attack (attack_type)
- Zero-day Exploit (attack_type)
- T1195 - Supply Chain Compromise (mitre_attack)
- T1203 - Exploitation for Client Execution (mitre_attack)
- Gemini CLI (tool)
- GitHub Action (tool)
- Google Gemini CLI (platform)
- GHSA-wpqr-6v78-jr5g (vulnerability)
- Remote Code Execution In Google Gemini CLI Via Workspace Settings Bypass (vulnerability)