Google: Cyber Security News ®’s Post

Critical Gemini CLI Vulnerability Exposes CI/CD Pipelines to Remote Code Execution

A severe security flaw has been identified in the Gemini CLI, specifically the @google/gemini-cli npm package and the google-github-actions/run-gemini-cli GitHub Action, that enables attackers to execute remote code in automated workflows. The vulnerability primarily affects headless environments, such as CI/CD pipelines, where the tool processes untrusted inputs like external pull requests or issue submissions.

The issue stems from two key weaknesses:

  1. Unsafe workspace trust handling – Misconfigurations in trust models can allow malicious payloads to bypass security controls.
  2. Bypass of tool allowlisting under --yolo mode – A relaxed execution mode that disables safeguards, permitting unintended command execution.

Systems are particularly at risk when processing external contributions in automated pipelines, where attackers could exploit these flaws to gain unauthorized access. Mitigation strategies include disabling unsafe execution modes, enforcing least-privilege access for runners and tokens, and validating inputs before execution.

The discovery highlights broader risks in DevOps automation, where security gaps in tooling and configuration can expose critical infrastructure to exploitation. No active exploitation has been reported at this time.

Source: https://www.linkedin.com/feed/update/urn:li:activity:7454730484594429952

Google TPRM report: https://www.rankiteo.com/company/googlecloudsecurity

"id": "goo1777350230",
"linkid": "googlecloudsecurity",
"type": "Vulnerability",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Users of @google/gemini-cli npm '
                                              'package and '
                                              'google-github-actions/run-gemini-cli '
                                              'GitHub Action',
                        'industry': 'Technology',
                        'name': 'Google (Gemini CLI)',
                        'type': 'Technology/Software Provider'}],
 'attack_vector': 'Untrusted input processing in CI/CD pipelines',
 'description': 'A severe security flaw in the Gemini CLI (@google/gemini-cli '
                'npm package and google-github-actions/run-gemini-cli GitHub '
                'Action) has been identified, enabling attackers to execute '
                'remote code in automated workflows. The vulnerability affects '
                'headless environments like CI/CD pipelines processing '
                'untrusted inputs (e.g., external pull requests or issue '
                'submissions). The issue stems from unsafe workspace trust '
                'handling and bypass of tool allowlisting under --yolo mode, '
                'which disables safeguards and permits unintended command '
                'execution.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'security flaws in DevOps tooling',
            'operational_impact': 'Unauthorized access to critical '
                                  'infrastructure, potential data exfiltration '
                                  'or system compromise',
            'systems_affected': 'CI/CD pipelines, automated workflows'},
 'lessons_learned': 'Security gaps in DevOps automation tooling and '
                    'configurations can expose critical infrastructure to '
                    'exploitation. Emphasis on secure defaults, input '
                    'validation, and least-privilege access is critical.',
 'post_incident_analysis': {'corrective_actions': ['Disabling unsafe execution '
                                                   'modes',
                                                   'Enforcing least-privilege '
                                                   'access',
                                                   'Input validation'],
                            'root_causes': ['Unsafe workspace trust handling',
                                            'Bypass of tool allowlisting under '
                                            '--yolo mode']},
 'recommendations': ['Disable unsafe execution modes like --yolo',
                     'Enforce least-privilege access for CI/CD runners and '
                     'tokens',
                     'Validate all inputs before processing in automated '
                     'workflows',
                     'Regularly audit DevOps tooling for security '
                     'vulnerabilities'],
 'response': {'containment_measures': ['Disabling unsafe execution modes',
                                       'Enforcing least-privilege access for '
                                       'runners and tokens'],
              'remediation_measures': ['Validating inputs before execution']},
 'title': 'Critical Gemini CLI Vulnerability Exposes CI/CD Pipelines to Remote '
          'Code Execution',
 'type': 'Remote Code Execution (RCE)',
 'vulnerability_exploited': ['Unsafe workspace trust handling',
                             'Bypass of tool allowlisting under --yolo mode']}