Forensic Summary
Google has patched a maximum-severity (CVSS 10.0) vulnerability in its Gemini CLI tooling that allowed unauthenticated attackers to achieve remote code execution by planting malicious configuration files in workspace directories automatically trusted by the agent in headless/CI mode. The flaw effectively weaponised CI/CD pipelines as supply chain attack paths, bypassing sandbox protections entirely before they could initialise. A secondary issue in '--yolo' mode further enabled prompt injection to trigger unrestricted shell command execution.
Read the full technical deep-dive on Grid the Grey: https://gridthegrey.com/posts/cvss-10-gemini-cli-flaw-turns-ci-cd-pipelines-into-rce-attack-vectors/
Top comments (0)