Zurück zur Liste

gemini-mcp-tool vulnerable to OS command injection and @file exfiltration via prompt quoting (CVE-2026-0755) — CVE-2026-0755

GitHub · GitHub · CVE-2026-0755

ID
CVE-2026-0755

Datum
2026-06-18

Activity
2026-06-18

Quelle
GitHub

Vendor
GitHub

Risiko
critical

CVSS
9.8

EPSS
0.00473

Zusammenfassung

Untrusted prompt input could reach the Gemini CLI @file parser, allowing read/exfiltration of arbitrary local files (@/etc/passwd, @~/.ssh/id_rsa, @../../secret). On Windows, unquoted cmd.exe metacharacters could break out into OS command injection. Fix (1.1.6): removed the broken shell:false double-quote wrapping; added assertSafeFileReferences() to contain @file refs to the working directory; hardened Windows…

Produkt

npm: gemini-mcp-tool

Was tun?

Allgemeine, vorsichtige Schritte (bitte prüfe die offizielle Quelle für Details):

Priorisiere sofort Patches oder Mitigations (hohes akutes Risiko).
Identifiziere betroffene Produktversionen und prüfe, ob du betroffen bist.
Spiele Hersteller-Updates/Patches ein oder setze empfohlene Mitigations um.
Lies das offizielle Advisory für betroffene Versionen und konkrete Schritte.

Offizielles Advisory

Mehr dazu

GitHub GitHub 2026-W25

@jhb.software/payload-cloudinary-plugin: Arbitrary Cloudinary API Parameter Signing

2026-06-20 GHSA-H5X8-XP6M-X6Q4

highGitHub GitHub 2026-W25

Anki: User scripts in iframes have access to the internal Anki API

2026-06-20 GHSA-CW6H-FFMH-X6VH

mediumGitHub GitHub 2026-W25

Anki's local HTTP server does not sufficiently validate requests

2026-06-20 GHSA-869J-R97X-HX2G

highGitHub GitHub 2026-W25

ChatterBot: Symlink-Following Arbitrary Write via UbuntuCorpusTrainer

2026-06-20 GHSA-WVRH-2F4M-924V

mediumGitHub GitHub 2026-W25

Cloudflare Quiche: Use-after-free in connection ID iterator FFI functions

2026-06-20 CVE-2026-11941

mediumGitHub GitHub 2026-W25

githubtoplanguages: Command Injection via Issue Title in Discord Notification Workflow

2026-06-20 GHSA-C3XH-98XP-6QHF

highGitHub GitHub 2026-W25