DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

GHSA-WPQR-6V78-JR5G: GHSA-WPQR-6V78-JR5G: Remote Code Execution in Google Gemini CLI via Workspace Settings Bypass

#security #cve #cybersecurity #ghsa

GHSA-WPQR-6V78-JR5G: Remote Code Execution in Google Gemini CLI via Workspace Settings Bypass

Vulnerability ID: GHSA-WPQR-6V78-JR5G
CVSS Score: 9.8
Published: 2026-04-24

The Google Gemini CLI (prior to v0.17.2) is vulnerable to unauthenticated remote code execution due to an insecure default workspace trust configuration. By crafting a malicious .gemini/settings.json file, attackers can execute arbitrary OS commands when a user initializes the CLI application within the compromised repository.

TL;DR

A flaw in the Gemini CLI's workspace trust logic allows arbitrary command execution via maliciously crafted .gemini/settings.json files during the tool discovery phase.

⚠️ Exploit Status: POC

Technical Details

  • Vulnerability Type: OS Command Injection / Insecure Trust Default
  • CWE ID: CWE-78
  • Attack Vector: Network / File-based (via Malicious Repository)
  • CVSS 3.1 Score: 9.8
  • Exploit Status: Proof of Concept Available
  • Impact: Arbitrary Remote Code Execution

Affected Systems

  • google-gemini/gemini-cli
  • google-gemini/gemini-cli: <= v0.17.1 (Fixed in: v0.17.2)

Exploit Details

  • Dhiraj Mishra Analysis: Proof of concept demonstrating code execution via tools.discoveryCommand configuration.

Mitigation Strategies

  • Upgrade Gemini CLI to version v0.17.2 or later.
  • Enforce explicit workspace trust mechanisms (fail-closed logic).
  • Audit third-party repositories for hidden configuration files (.gemini/settings.json) prior to execution.
  • Restrict available commands for tool discovery to an explicit allowlist.

Remediation Steps:

  1. Verify the installed version of Gemini CLI using the package manager.
  2. Update the installation to at least version v0.17.2.
  3. Implement EDR rules to flag suspicious sub-processes launched by the gemini binary.
  4. Educate development teams on the risks of running automated CLI tools within untrusted repositories.

References

Read the full report for GHSA-WPQR-6V78-JR5G on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)