CVE-2026-0755: Remote Code Execution and Arbitrary File Exfiltration in gemini-mcp-tool
Vulnerability ID: CVE-2026-0755
CVSS Score: 9.8
Published: 2026-06-18
CVE-2026-0755 is a critical vulnerability in gemini-mcp-tool (<= 1.1.5) that allows unauthenticated remote code execution on Windows installations and arbitrary local file exfiltration across all supported operating systems. The flaws exist within the execAsync command runner and the input handling logic of the Model Context Protocol (MCP) server, which fails to securely escape arguments passed to Node.js child processes and does not validate local file references in user-supplied prompt strings.
TL;DR
An unauthenticated remote code execution vulnerability on Windows and a cross-platform file exfiltration flaw in gemini-mcp-tool <= 1.1.5 allow attackers to execute arbitrary system commands or read sensitive local files via manipulated prompt inputs.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-78
- Attack Vector: Network
- CVSS v3.0 Score: 9.8
- EPSS Score: 0.03336
- Impact: Remote Code Execution / Local File Exfiltration
- Exploit Status: PoC Available
- KEV Status: Not Listed
Affected Systems
- gemini-mcp-tool
-
gemini-mcp-tool: <= 1.1.5 (Fixed in:
1.1.6)
Code Analysis
Commit: 715d567
Implement robust argument quoting for Windows and strict validation of local file references to prevent command injection and file exfiltration
Commit: 4632620
Resolve Windows spawning issues with shell:true when executing command-line utilities in Node 22+
Exploit Details
- Zero Day Initiative: ZDI-26-021: gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability
Mitigation Strategies
- Upgrade gemini-mcp-tool to version 1.1.6 or higher immediately.
- Deploy the MCP server within unprivileged sandboxed environments on Windows systems.
- Filter prompt inputs at the gateway to strip system file indicators prior to processing.
Remediation Steps:
- Identify all running instances of gemini-mcp-tool within your environment.
- Execute 'npm install -g gemini-mcp-tool@latest' to download and install the security patch.
- Restart any host integrations, such as Claude Desktop or custom Node.js wrappers, to load the patched files.
- Confirm the installed version is 1.1.6 using the package manager check options.
References
- ZDI-26-021 Advisory
- CVE-2026-0755 on CVE.org
- gemini-mcp-tool Repository
- gemini-mcp-tool Documentation
Read the full report for CVE-2026-0755 on our website for more details including interactive diagrams and full exploit analysis.
Top comments (0)