Gemini MCP Tool: Gemini MCP Tool 0-day Vulnerability Allows Remote Attackers to Execute Arbitrary Code

Critical Zero-Day Vulnerability in Gemini MCP Tool Enables Unauthenticated RCE Attacks

A severe zero-day vulnerability in the Gemini MCP Tool (tracked as CVE-2026-0755, ZDI-26-021, and ZDI-CAN-27783) has been disclosed, allowing remote attackers to execute arbitrary code without authentication. The flaw, rated 9.8 (Critical) on the CVSS v3.1 scale, stems from improper input validation in the tool’s execAsync method, enabling command injection attacks.

The vulnerability affects the open-source gemini-mcp-tool, a utility designed to integrate Gemini models with Model Context Protocol (MCP) services. Exploitation requires no user interaction, making internet-exposed or shared environments particularly vulnerable. Attackers can gain control of the underlying system with the privileges of the service account.

The issue was first reported to the vendor on July 25, 2025, via a third-party platform. After follow-ups in November 2025 and a final notice on December 14, 2025, Trend Micro’s Zero Day Initiative (ZDI) proceeded with public disclosure on January 9, 2026, due to insufficient vendor response. As of publication, no official patch has been released.

Until a fix is available, ZDI recommends restricting access to the tool by avoiding direct internet exposure and limiting interactions to trusted networks. Administrators should also monitor systems for suspicious process execution and unusual outbound connections.
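One way to act on the process-execution monitoring advice, as an added example that is not code from ZDI, the source article or the gemini-mcp-tool project: it flags any process started underneath the tool's server process whose image is not on an allowlist. The event format, the way the server is recognised and the allowlist contents are assumptions, and the sample events are constructed.

```javascript
// Added illustration; not code from gemini-mcp-tool or ZDI.
// Assumptions (hypothetical): events are {pid, ppid, image, cmdline} records taken
// from a host process-creation log; the server is a node process with
// "gemini-mcp-tool" in its command line; ALLOWED lists the only images it should start.
const ALLOWED = new Set(["sh", "node", "gemini"]);

// Last path component, lower-cased, without a Windows ".exe" suffix.
const basename = (p) => p.split(/[\\/]/).pop().toLowerCase().replace(/\.exe$/, "");

const isServer = (e) => basename(e.image) === "node" && /gemini-mcp-tool/.test(e.cmdline);

function findUnexpectedDescendants(events) {
  const byPid = new Map(events.map((e) => [e.pid, e]));

  // Walk up the parent chain; return the server's pid if it is an ancestor.
  const serverAncestor = (e) => {
    const seen = new Set(); // guards against pid reuse loops in the log
    let cur = byPid.get(e.ppid);
    while (cur && !seen.has(cur.pid)) {
      if (isServer(cur)) return cur.pid;
      seen.add(cur.pid);
      cur = byPid.get(cur.ppid);
    }
    return null;
  };

  const alerts = [];
  for (const e of events) {
    if (isServer(e)) continue;
    const server = serverAncestor(e);
    if (server !== null && !ALLOWED.has(basename(e.image))) {
      alerts.push({ pid: e.pid, image: e.image, server });
    }
  }
  return alerts;
}

// Constructed sample events (not real telemetry).
const SAMPLE_EVENTS = [
  { pid: 100, ppid: 1, image: "/usr/bin/node", cmdline: "node /opt/gemini-mcp-tool/index.js" },
  { pid: 101, ppid: 100, image: "/bin/sh", cmdline: "sh -c gemini -p 'summarise notes'" },
  { pid: 102, ppid: 101, image: "/usr/local/bin/gemini", cmdline: "gemini -p 'summarise notes'" },
  { pid: 103, ppid: 101, image: "/usr/bin/id", cmdline: "id" },                 // unexpected child
  { pid: 200, ppid: 1, image: "/usr/bin/curl", cmdline: "curl https://example.invalid" }, // unrelated
];

console.log(findUnexpectedDescendants(SAMPLE_EVENTS));
```

The allowlist has to be built from what the deployment legitimately runs; a shell appears on it here only because a wrapper that executes commands through a shell starts one on every call.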

Source: https://cybersecuritynews.com/gemini-mcp-tool-0-day-vulnerability/

Ogment AI cybersecurity rating report: https://www.rankiteo.com/company/ogment-ai

"id": "OGM1769618528",
"linkid": "ogment-ai",
"type": "Vulnerability",
"date": "1/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Technology/AI',
                        'name': 'Gemini MCP Tool (open-source)',
                        'type': 'Software'}],
 'attack_vector': 'Remote',
 'date_detected': '2025-07-25',
 'date_publicly_disclosed': '2026-01-09',
 'description': 'A severe zero-day vulnerability in the Gemini MCP Tool '
                '(tracked as CVE-2026-0755, ZDI-26-021, and ZDI-CAN-27783) has '
                'been disclosed, allowing remote attackers to execute '
                'arbitrary code without authentication. The flaw, rated 9.8 '
                '(Critical) on the CVSS v3.1 scale, stems from improper input '
                'validation in the tool’s execAsync method, enabling command '
                'injection attacks. The vulnerability affects the open-source '
                'gemini-mcp-tool, a utility designed to integrate Gemini '
                'models with Model Context Protocol (MCP) services. '
                'Exploitation requires no user interaction, making '
                'internet-exposed or shared environments particularly '
                'vulnerable. Attackers can gain control of the underlying '
                'system with the privileges of the service account.',
 'impact': {'operational_impact': 'Unauthenticated remote code execution (RCE)',
            'systems_affected': 'Systems running gemini-mcp-tool'},
 'investigation_status': 'Publicly disclosed, no patch available',
 'post_incident_analysis': {'root_causes': 'Improper input validation in the '
                                           'execAsync method'},
 'recommendations': 'Restrict access to the tool by avoiding direct internet '
                    'exposure and limiting interactions to trusted networks. '
                    'Monitor systems for suspicious process execution and '
                    'unusual outbound connections.',
 'references': [{'source': 'Trend Micro’s Zero Day Initiative (ZDI)'}],
 'response': {'containment_measures': 'Restrict access to the tool by avoiding '
                                      'direct internet exposure and limiting '
                                      'interactions to trusted networks',
              'enhanced_monitoring': 'Monitor systems for suspicious process '
                                     'execution and unusual outbound '
                                     'connections',
              'third_party_assistance': 'Trend Micro’s Zero Day Initiative '
                                        '(ZDI)'},
 'title': 'Critical Zero-Day Vulnerability in Gemini MCP Tool Enables '
          'Unauthenticated RCE Attacks',
 'type': 'Zero-Day Vulnerability',
 'vulnerability_exploited': 'CVE-2026-0755 (ZDI-26-021, ZDI-CAN-27783)'}