Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack
Attackers could inject prompts into a GitHub issue and take over the AI agent designed to automatically triage the issue. The post Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack appeared first on SecurityWeek.
A critical vulnerability in Gemini CLI could have allowed attackers to mount a supply chain attack via indirect prompts injected into a GitHub issue, Pillar Security warns.
Gemini CLI is the open source AI agent that provides access to Google’s Gemini AI assistant directly from a terminal.
The security defect, assigned a CVSS score of 10/10 but no CVE identifier, existed because Gemini CLI in --yolo mode would ignore tool allowlists, leading to the execution of any command.
