Critical Vulnerability Found in Google's Gemini CLI Tool
AI-generated from multiple sources. Verify before acting on this reporting.
LONDON (AP) — A critical security flaw discovered in Google's Gemini CLI, an open-source artificial intelligence agent, allows attackers to execute arbitrary commands on developer systems and potentially steal credentials.
Researchers from Novee Security identified the remote code execution vulnerability on Wednesday, prompting an immediate alert to developers worldwide. The flaw exists within the tool's architecture, which automatically trusts the current workspace folder without implementing sandboxing, human approval, or configuration reviews.
The vulnerability enables threat actors to inject malicious configurations that run directly on the host system. This exposure puts continuous integration and deployment pipelines at risk, potentially compromising supply chains and sensitive data within developer environments.
Google acknowledged the issue and is working with Novee Security to deploy a patch. The Gemini CLI is widely used by software engineers to automate tasks and manage workflows, making the exposure significant across the global technology sector. The tool's design prioritized convenience by removing friction points for users, but this approach inadvertently created a pathway for unauthorized code execution.
Security experts warn that any system running the affected version of Gemini CLI is susceptible to exploitation. Attackers could leverage the flaw to gain initial access to corporate networks, exfiltrate proprietary code, or plant backdoors for future operations. The risk is particularly acute in environments where the tool is integrated into automated build processes.
Novee Security researchers stated that the vulnerability stems from the tool's lack of verification mechanisms when processing workspace configurations. Without a sandbox or manual review step, malicious actors can manipulate the environment to execute commands with the same privileges as the user running the tool.
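To make the architectural point concrete, the following is an added illustration, not Gemini CLI's own code or anything from Novee Security's report. It assumes a hypothetical agent tool that reads a per-workspace JSON file (the name `TOOL_CONFIG_NAME` is invented; the article names no file) declaring "hook" commands. The unsafe loader reproduces the flawed pattern described above (the launch directory is trusted outright), while the gated loader shows the two missing safeguards the article names: an explicit trusted-workspace allow-list and a human approval step before any hook becomes runnable. Nothing is executed; the functions only return what would be handed to an executor.

```python
import json
import os
import tempfile
from typing import Callable, Iterable

# Hypothetical per-workspace config file name; the article names no such file.
TOOL_CONFIG_NAME = ".agent-tool.json"


class UntrustedWorkspaceError(Exception):
    """Raised when the tool is started in a directory outside any trusted root."""


def read_workspace_hooks(workspace: str) -> list[str]:
    """Parse the workspace config and return its declared hook commands.
    Parsing is harmless on its own; the risk lies in executing these blindly."""
    path = os.path.join(workspace, TOOL_CONFIG_NAME)
    if not os.path.isfile(path):
        return []
    with open(path, encoding="utf-8") as fh:
        cfg = json.load(fh)
    hooks = cfg.get("hooks", [])
    if not isinstance(hooks, list) or not all(isinstance(h, str) for h in hooks):
        raise ValueError("hooks must be a list of strings")
    return hooks


def hooks_to_run_unsafe(workspace: str) -> list[str]:
    """The flawed pattern: whichever folder the tool is launched in is trusted
    outright, so every hook a repository ships in its config becomes runnable."""
    return read_workspace_hooks(workspace)


def is_trusted_workspace(workspace: str, trusted_roots: Iterable[str]) -> bool:
    """True only if the canonical workspace path lies under a canonical trusted
    root. realpath() neutralises '..' segments and symlinks that escape the root."""
    real_ws = os.path.realpath(workspace)
    for root in trusted_roots:
        real_root = os.path.realpath(root)
        try:
            if os.path.commonpath([real_ws, real_root]) == real_root:
                return True
        except ValueError:  # different drives on Windows: not under this root
            continue
    return False


def hooks_to_run_gated(
    workspace: str, trusted_roots: Iterable[str], approve: Callable[[str], bool]
) -> list[str]:
    """Hardened pattern: (1) refuse configs from workspaces outside an explicit
    allow-list, (2) require per-hook human approval before anything is runnable."""
    if not is_trusted_workspace(workspace, trusted_roots):
        raise UntrustedWorkspaceError(
            f"{workspace!r} is not under a trusted root; its config is ignored"
        )
    return [h for h in read_workspace_hooks(workspace) if approve(h)]


def run_demo() -> dict:
    """Build a constructed workspace whose config carries a hostile hook and show
    what each loader would pass to an executor. No command is ever run."""
    with tempfile.TemporaryDirectory() as tmp:
        trusted_root = os.path.join(tmp, "projects")
        os.makedirs(trusted_root)
        cloned = os.path.join(tmp, "downloads", "untrusted-repo")
        os.makedirs(cloned)
        # Constructed sample: a repository-controlled config that injects a command.
        with open(os.path.join(cloned, TOOL_CONFIG_NAME), "w", encoding="utf-8") as fh:
            json.dump({"hooks": ["echo 'attacker-controlled command would run here'"]}, fh)

        results = {"unsafe": hooks_to_run_unsafe(cloned)}
        try:
            hooks_to_run_gated(cloned, [trusted_root], approve=lambda h: True)
            results["gated_untrusted"] = "ran"
        except UntrustedWorkspaceError:
            results["gated_untrusted"] = "refused"

        # The same mechanism inside a trusted root still needs per-hook approval.
        trusted_ws = os.path.join(trusted_root, "my-app")
        os.makedirs(trusted_ws)
        with open(os.path.join(trusted_ws, TOOL_CONFIG_NAME), "w", encoding="utf-8") as fh:
            json.dump({"hooks": ["make test"]}, fh)
        results["gated_trusted_denied"] = hooks_to_run_gated(
            trusted_ws, [trusted_root], approve=lambda h: False
        )
        results["gated_trusted_approved"] = hooks_to_run_gated(
            trusted_ws, [trusted_root], approve=lambda h: True
        )

        # A '..' path that passes through the trusted root must not count as trusted.
        sneaky = os.path.join(trusted_root, "..", "downloads", "untrusted-repo")
        results["dotdot_trusted"] = is_trusted_workspace(sneaky, [trusted_root])
        return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The trust decision, not the parser, is what changes between the two loaders: the gated version treats a cloned repository's configuration as untrusted input until an operator has both placed the directory under a trusted root and approved each command, which is the "sandbox or manual review step" the article says was absent. In a CI pipeline the `approve` callback would typically be replaced by a pinned, reviewed allow-list of hook commands rather than an interactive prompt.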
Google has advised users to update their systems immediately and avoid running the tool in untrusted directories. The company is also investigating whether the vulnerability has been exploited in the wild, though no confirmed incidents have been reported as of Wednesday afternoon.
The discovery highlights broader concerns about security in AI-driven development tools. As artificial intelligence agents become more integrated into software engineering workflows, the potential for supply chain attacks grows. Developers are urged to review their security protocols and ensure that automation tools include adequate safeguards.
Questions remain regarding the full extent of the vulnerability's impact and whether other similar tools share the same architectural weaknesses. Security teams are monitoring the situation closely as patches are rolled out and developers assess their exposure.