Gemini CLI: Remote Code Execution via workspace trust and tool allowlisting bypasses
- Severity:
- High
Description
Gemini CLI (@google/gemini-cli) and the run-gemini-cli GitHub Action are being updated to harden workspace trust and tool allowlisting, in particular when used in untrusted environments like GitHub Actions.
Recommendation
Update the @google/gemini-cli package to the latest compatible version. Followings are version details:
Affected version(s): **= 0.40.0-preview.2 ย < 0.39.1** Patched version(s): **0.40.0-preview.3 ย 0.39.1**
References
Related Issues
- @saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defst - Vulnerability
- paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass - paperclipai - CVE-2026-41679
- FUXA Vulnerable to Unauthenticated Remote Code Execution via Script Test Mode Authorization Bypass - CVE-2026-43947
- Signal K Server Vulnerable to Remote Code Execution via Malicious npm Package - CVE-2025-68619
You might also like:
- Tags:
- npm
- @google/gemini-cli
Anything's wrong? Let us know Last updated on April 25, 2026


