Gemini MCP tool had critical unauthenticated command injection vulnerability


CVE-2026-0755, a critical command injection vulnerability (CVSS 9.8) in gemini-mcp-tool, allowed unauthenticated remote attackers to execute arbitrary code on systems running the MCP server for Gemini CLI integration. The execAsync method failed to sanitize user-supplied input before constructing shell commands, enabling attackers to inject arbitrary commands via shell metacharacters with no authentication required. No fixed version was available at the time of publication.

Incident Details

Perpetrator: Tool developer
Severity: Facepalm
Blast Radius: All users of gemini-mcp-tool versions 1.1.2 and above exposed to unauthenticated remote code execution