Critical Gemini CLI Flaw Enabled Host Code Execution and Supply Chain Attacks

A critical vulnerability in Google’s Gemini CLI allowed an attacker to plant a malicious configuration file that executed arbitrary commands outside the tool’s sandboxed environment. The flaw created a supply chain attack vector: a poisoned config committed to a shared repository could silently execute code on any developer machine running the CLI against that project. The vulnerability has been patched by Google.

Developers using Gemini CLI should update to the latest version immediately. Audit any third-party or shared configuration files included in projects that use the CLI, and treat unexpected config changes as an indicator of compromise.