CVE-2026-12537: CWE-20 Improper Input Validation in Google Cloud Gemini CLI
Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI (versions prior to 0.39.1) and run-gemini-cli GitHub Action (versions prior to 0.1.22) on headless CI platforms allows an unprivileged attacker to achieve pre-sandbox host-level code execution a maliciously crafted .gemini/.env file.
AI Analysis
Technical Summary
CVE-2026-12537 is an improper input validation vulnerability (CWE-20) in the container launcher component of Google Cloud Gemini CLI (versions <0.39.1) and the run-gemini-cli GitHub Action (versions <0.1.22) used on headless CI platforms. The flaw involves improper neutralization of OS commands, allowing an attacker who can supply a malicious .gemini/.env file to achieve pre-sandbox host-level code execution without privileges. The vulnerability has a critical CVSS 4.0 score of 10, indicating network attack vector, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. The affected product is a cloud service, and Google Cloud manages remediation for this service.
Potential Impact
An unprivileged attacker can achieve host-level code execution before sandboxing by exploiting improper input validation in the container launcher of Google Cloud Gemini CLI and its GitHub Action on headless CI platforms. This can lead to full compromise of the host environment, affecting confidentiality, integrity, and availability of the system. The vulnerability is critical with a CVSS 4.0 score of 10.
Mitigation Recommendations
A patch is available for this vulnerability. Since Gemini CLI is a cloud-hosted service, Google Cloud manages remediation server-side. Users should ensure they are using Gemini CLI version 0.39.1 or later and run-gemini-cli GitHub Action version 0.1.22 or later. Check the official Google Cloud advisory for confirmation and apply updates accordingly.
CVE-2026-12537: CWE-20 Improper Input Validation in Google Cloud Gemini CLI
Description
Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI (versions prior to 0.39.1) and run-gemini-cli GitHub Action (versions prior to 0.1.22) on headless CI platforms allows an unprivileged attacker to achieve pre-sandbox host-level code execution a maliciously crafted .gemini/.env file.
CVSS v4.0
Score 10.0critical
Affected software
pkg:github/google-github-actions/run-gemini-clipkg:github/google-cloud/gemini-cliRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-12537 is an improper input validation vulnerability (CWE-20) in the container launcher component of Google Cloud Gemini CLI (versions <0.39.1) and the run-gemini-cli GitHub Action (versions <0.1.22) used on headless CI platforms. The flaw involves improper neutralization of OS commands, allowing an attacker who can supply a malicious .gemini/.env file to achieve pre-sandbox host-level code execution without privileges. The vulnerability has a critical CVSS 4.0 score of 10, indicating network attack vector, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. The affected product is a cloud service, and Google Cloud manages remediation for this service.
Potential Impact
An unprivileged attacker can achieve host-level code execution before sandboxing by exploiting improper input validation in the container launcher of Google Cloud Gemini CLI and its GitHub Action on headless CI platforms. This can lead to full compromise of the host environment, affecting confidentiality, integrity, and availability of the system. The vulnerability is critical with a CVSS 4.0 score of 10.
Mitigation Recommendations
A patch is available for this vulnerability. Since Gemini CLI is a cloud-hosted service, Google Cloud manages remediation server-side. Users should ensure they are using Gemini CLI version 0.39.1 or later and run-gemini-cli GitHub Action version 0.1.22 or later. Check the official Google Cloud advisory for confirmation and apply updates accordingly.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GoogleCloud
- Date Reserved
- 2026-06-17T15:08:00.562Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
- Is Cloud Service
- true
Threat ID: 6a3be194eed863c81eeb9649
Added to database: 06/24/2026, 13:54:28 UTC
Last enriched: 06/24/2026, 14:09:34 UTC
Last updated: 06/24/2026, 15:06:08 UTC
Views: 22
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.