{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreig4korlzogkdki5irodrnyj5ccvuwwnf2mjm4qnsl7nss6ll6rfte",
    "uri": "at://did:plc:6wtxqaikjf62unmnajbfbq5v/app.bsky.feed.post/3mkjirdagsv32"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreiexsvzlwpu3daxze7jxmadgdyuqr47jjeo3y5as5vee5idhhthwaa"
    },
    "mimeType": "image/webp",
    "size": 23540
  },
  "path": "/critical-gemini-cli-flaw-lets-attackers-target-ci-workflows-with-remote-code-execution/",
  "publishedAt": "2026-04-27T17:08:01.000Z",
  "site": "https://vpncentral.com",
  "tags": [
    "News",
    "Critical Gemini CLI Flaw Lets Attackers Target CI Workflows With Remote Code Execution",
    "VPN Central",
    "@google"
  ],
  "textContent": "Google has patched a critical Gemini CLI vulnerability that could allow remote code execution in automated development workflows. The issue affects the npm package @google/gemini-cli and the official google-github-actions/run-gemini-cli GitHub Action. The highest risk applies to headless environments, especially CI/CD pipelines that process pull requests, issues, comments, or files from outside contributors. The flaw is […]\n\nThe post Critical Gemini CLI Flaw Lets Attackers Target CI Workflows With Remote Code Execution appeared first on VPN Central.",
  "title": "Critical Gemini CLI Flaw Lets Attackers Target CI Workflows With Remote Code Execution"
}