Gemini CLI: Remote Code Execution via workspace trust and tool allowlisting bypasses

Description

Gemini CLI (@google/gemini-cli) and the run-gemini-cli GitHub Action are being updated to harden workspace trust and tool allowlisting, in particular when used in untrusted environments like GitHub Actions.

Recommendation

Update the @google/gemini-cli package to the latest compatible version. Followings are version details:

• Affected version(s): **= 0.40.0-preview.2

  < 0.39.1**

• Patched version(s): **0.40.0-preview.3

  0.39.1**

References

• GHSA-wpqr-6v78-jr5g
• CWE-20
• CWE-200
• CWE-77
• CWE-78
• OWASP 2021-A1
• OWASP 2021-A3

Related Issues

• @saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defst - Vulnerability
• @saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plug - Vulnerability
• FUXA Unauthenticated Remote Code Execution via Admin JWT Minting - CVE-2026-25893
• FUXA Vulnerable to Unauthenticated Remote Code Execution via Script Test Mode Authorization Bypass - CVE-2026-43947

You might also like:

SmartScanner 2.3: Smarter JavaScript Detection, Faster Scans, and Powerful CLI Enhancements

🚀 SmartScanner 2.5 Is Here: Advanced Vulnerability Detection and Powerful New CLI Capabilities

Update Cheat Sheet for Developers

Tags:

npm

@google/gemini-cli