Critical Gemini CLI Flaw Enabled Host Code Execution, Supply Chain Attacks

A critical flaw in Google's Gemini CLI enabled code execution without prompts, risking supply chain attacks. Google has since patched it.
Content Team

Researchers at Novee Security uncovered a critical vulnerability in Google's Gemini CLI that allowed attackers to execute arbitrary code on host machines — no prompt injection required. The flaw stemmed from Gemini CLI automatically trusting the current workspace folder, loading any agent configuration found there without sandboxing or human approval. A planted malicious config could expose secrets, credentials, and source code. In CI/CD pipelines, the risk escalated to full supply chain attacks. Google has since patched both Gemini CLI and the run-gemini-cli GitHub Action. The incident highlights a growing concern: AI coding agents now operate with trusted contributor-level access inside developer workflows.

Source: SecurityWeek
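
The root cause described above is that agent configuration found in the workspace was loaded with no approval step. The following Python is an added example, not code from Google, Novee Security or the original article, showing an approval gate that can run before an agent is started in a folder; the `.gemini` directory name, the function names and the sample workspace are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: agent configuration lives under directories with these names.
# ".gemini" is illustrative; list the directories used by the agents you run.
AGENT_CONFIG_DIRS = (".gemini",)


def find_agent_configs(workspace, config_dirs=AGENT_CONFIG_DIRS):
    """Map each file under an agent config dir to its SHA-256 (None for symlinks)."""
    root = Path(workspace)
    found = {}
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root)
        if not any(part in config_dirs for part in rel.parts):
            continue
        if path.is_symlink():
            found[rel.as_posix()] = None  # never approvable: target can change
        elif path.is_file():
            found[rel.as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return found


def unapproved_configs(workspace, approved):
    """Return config paths that are new, modified or symlinked since review."""
    current = find_agent_configs(workspace)
    return sorted(rel for rel, digest in current.items()
                  if digest is None or approved.get(rel) != digest)


def may_run_agent(workspace, approved):
    """Allow the agent only when every config file matches a reviewed digest."""
    return not unapproved_configs(workspace, approved)


def demo():
    # Constructed workspace: one reviewed config, then two unreviewed changes.
    with tempfile.TemporaryDirectory() as ws:
        cfg = Path(ws, ".gemini", "settings.json")
        cfg.parent.mkdir()
        cfg.write_text('{"reviewed": true}')
        approved = find_agent_configs(ws)      # snapshot taken at review time
        before = may_run_agent(ws, approved)
        cfg.write_text('{"reviewed": false}')  # edited after review
        Path(ws, "pkg", ".gemini").mkdir(parents=True)
        Path(ws, "pkg", ".gemini", "extra.json").write_text("{}")  # planted file
        return before, unapproved_configs(ws, approved)


if __name__ == "__main__":
    print(demo())
```

In a CI pipeline the approved digests would come from the protected base branch rather than from the pull request under test, so a contributor cannot approve their own configuration.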
