Critical Gemini CLI Flaw Lets Attackers Target CI Workflows With Remote Code Execution
VPN Central [Unofficial]
April 27, 2026
Google has patched a critical Gemini CLI vulnerability that could allow remote code execution in automated development workflows. The issue affects the npm package @google/gemini-cli and the official google-github-actions/run-gemini-cli GitHub Action. The highest risk applies to headless environments, especially CI/CD pipelines that process pull requests, issues, comments, or files from outside contributors. The flaw is […]