
Google Patches Critical CVSS 10 Vulnerability in Gemini CLI Enabling Remote Code Execution
Tags: Cybersecurity, Vulnerabilities, Remote Code Execution, Google, Gemini CLI, npm, GitHub Actions, RCE, CVSS
Google patched a maximum-severity vulnerability (CVSS 10) in the Gemini CLI, specifically affecting the "@google/gemini-cli" npm package and the "google-github-actions/run-gemini-cli" GitHub Actions workflow. The flaw allowed unprivileged external attackers to execute arbitrary commands on host systems by forcing malicious content to be loaded as Gemini configuration. No specific CVE ID, known exploitation instances, or patch release date were disclosed in the report. The vulnerability affected systems using the vulnerable npm package and GitHub Actions workflow, and its impact was potential remote code execution (RCE) on the affected hosts.