{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreifhm4xeqeqn7m43edomf3ah3e5jkpzjq7fn6ptsundjqytglclo3u",
    "uri": "at://did:plc:ghkvexthfanuyq7fb5veq6tw/app.bsky.feed.post/3mkp7phuqw6j2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreihlkbe4vegjtgjlwswwsh5x756thxlvqas5ejr4ta2c5uj77vediq"
    },
    "mimeType": "image/jpeg",
    "size": 329290
  },
  "path": "/2026/04/google-fixes-cvss-10-gemini-cli-ci-rce.html",
  "publishedAt": "2026-04-30T07:07:00.000Z",
  "site": "https://thehackernews.com",
  "tags": [
    "@google"
  ],
  "textContent": "Google has addressed a maximum severity security flaw in Gemini CLI -- the \"@google/gemini-cli\" npm package and the \"google-github-actions/run-gemini-cli\" GitHub Actions workflow -- that could have allowed attackers to execute arbitrary commands on host systems.\n\"The vulnerability allowed an unprivileged external attacker to force their own malicious content to load as Gemini configuration,\"",
  "title": "Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution"
}