| Summary | Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI (versions prior to 0.39.1) and run-gemini-cli GitHub Action (versions prior to 0.1.22) on headless CI platforms allows an unprivileged attacker to achieve pre-sandbox host-level code execution a maliciously crafted .gemini/.env file. |
|---|---|
| Publication Date | June 24, 2026, 11:17 p.m. |
| Registration Date | June 27, 2026, 4:18 a.m. |
| Last Update | June 26, 2026, 4:51 a.m. |