Google Patches Critical Gemini CLI Flaw Enabling Remote Code Execution

Google has successfully patched a maximum severity vulnerability (CVSS 10) in its Gemini CLI tool, specifically affecting the "@google/gemini-cli" npm package and the "google-github-actions/run-gemini-cli" GitHub Actions workflow. Security researchers discovered that the flaw could allow unauthenticated remote code execution (RCE) on affected systems, potentially giving attackers full control over developer environments and CI/CD pipelines. The vulnerability represented a critical supply chain risk given the widespread use of these packages in AI development workflows and automated build processes.

In parallel, security analysts identified separate flaws in Cursor, a popular AI-powered code editor, that could similarly enable code execution attacks. These vulnerabilities in Cursor's integration with large language models created potential attack vectors where malicious code could be injected through the editor's AI assistance features. The combination of these findings underscores the emerging security challenges in AI-enhanced development tools, where the intersection of traditional software vulnerabilities and AI-specific attack surfaces creates complex risk profiles.

Google's security team responded rapidly upon notification, releasing patches for both the npm package and GitHub Actions workflow. Users of Gemini CLI and developers utilizing the GitHub Actions integration have been strongly urged to update to the latest versions immediately. The company emphasized that no evidence of active exploitation was found, but given the critical severity and public disclosure, organizations should prioritize these updates to prevent potential attacks leveraging proof-of-concept exploits that may already be circulating.

This incident highlights the growing importance of securing AI development toolchains, as threat actors increasingly target the software supply chain. Security experts recommend implementing strict input validation, minimizing package dependencies, and maintaining robust monitoring for unusual behavior in development environments. The vulnerability also serves as a reminder that even established tech giants like Google are not immune to critical security flaws in their AI-focused products, necessitating constant vigilance and rapid response capabilities from development teams worldwide.