PatchSiren cyber security CVE debrief

CVE-2026-12537 Google Cloud CVE debrief

CVE-2026-12537 is a critical vulnerability with a CVSS score of 10, affecting Google Gemini CLI versions prior to 0.39.1 and the run-gemini-cli GitHub Action prior to version 0.1.22. The flaw is improper neutralization of special elements used in an OS command in the container launcher: an unprivileged attacker who can supply a maliciously crafted .gemini/.env file can achieve code execution on the host before the sandbox is set up. The CVE was published on June 24, 2026, and last modified on July 2, 2026. The CVE record and NVD detail provide further information.

Vendor: Google Cloud
Product: Gemini CLI
CVSS: CRITICAL 10
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-24
Original CVE updated: 2026-07-02
Advisory published: 2026-06-24
Advisory updated: 2026-07-02

Who should care

Security teams and administrators responsible for Google Gemini CLI installations, or for CI pipelines that use the run-gemini-cli GitHub Action, should treat this as a critical vulnerability. Affected versions allow pre-sandbox host-level code execution, so a successful exploit is not contained by the CLI's sandbox and can have severe consequences. Users of these tools should prioritize patching.

Technical summary

The vulnerability is improper neutralization of special elements used in an OS command in the container launcher of Google Gemini CLI and the run-gemini-cli GitHub Action. Because the affected command runs on the host before the sandbox is established, an unprivileged attacker who controls a .gemini/.env file can execute code on the host itself, potentially leading to complete compromise of the system. The vulnerability has a CVSS score of 10, the highest severity. Affected versions are Google Gemini CLI prior to 0.39.1 and run-gemini-cli GitHub Action prior to 0.1.22.

Defensive priority

This vulnerability should be prioritized for immediate patching due to its critical severity and potential for pre-sandbox host-level code execution. Security teams should ensure that all affected deployments are updated to the latest patched versions of Google Gemini CLI and run-gemini-cli GitHub Action.

Recommended defensive actions

  • Patch Google Gemini CLI to version 0.39.1 or later
  • Patch run-gemini-cli GitHub Action to version 0.1.22 or later
  • Review all deployments, including CI workflows that pin the Action, to confirm they run patched versions
  • Monitor for potential exploitation attempts, in particular unexpected changes to .gemini/.env files in repositories that run the CLI or the Action
  • Treat repository-supplied configuration such as .gemini/.env as untrusted input in CI pipelines, and add checks that detect and block similar attacks
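A pre-flight check a CI maintainer could run before invoking the CLI or the Action, as an added example that is not part of this debrief or of the Gemini CLI project: it verifies the reported version is at or above the fixed 0.39.1 and flags .gemini/.env values containing shell metacharacters. The metacharacter heuristic is an assumption drawn from the OS-command-neutralization classification; the advisory does not describe the exact crafted content.

```python
"""Pre-flight check for runners that use Gemini CLI (added illustration, not project code)."""
import re
from pathlib import Path

# From the advisory: Gemini CLI 0.39.1 and later carry the fix.
FIXED_VERSION = (0, 39, 1)
# Assumed indicator set: characters a POSIX shell interprets when a value is
# spliced into a command line instead of being passed as a separate argument.
SHELL_META = re.compile(r"[;&|`$<>\\]")

def parse_version(text: str) -> tuple:
    """Extract the first X.Y.Z in strings like '0.38.2' or 'gemini v0.39.1'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no semantic version found in {text!r}")
    return tuple(int(x) for x in m.groups())

def is_patched(version_text: str) -> bool:
    """True when the reported version is at or above the fixed release."""
    return parse_version(version_text) >= FIXED_VERSION

def parse_dotenv(text: str) -> dict:
    """Minimal KEY=VALUE parser: skips blanks and comments, strips matching quotes."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key.strip()] = value
    return env

def suspicious_entries(text: str) -> list:
    """Keys whose values contain shell metacharacters (heuristic, not a signature)."""
    return [k for k, v in parse_dotenv(text).items() if SHELL_META.search(v)]

def check_workspace(root: Path) -> list:
    """Scan every .gemini/.env under root; returns 'path:KEY' findings."""
    return [f"{f}:{k}" for f in root.rglob(".gemini/.env")
            for k in suspicious_entries(f.read_text(errors="replace"))]

# Constructed samples: a benign file and one whose value a shell would split.
BENIGN = "GEMINI_MODEL=gemini-pro\n# comment\nPROXY_URL='http://proxy.internal:3128'\n"
FLAGGED = 'GEMINI_MODEL=gemini-pro\nSANDBOX_FLAGS="--quiet; echo injected"\n'
```

Run `check_workspace(Path("."))` from the repository root in a CI step and fail the job on any finding; the version string can be taken from the CLI's own version output.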

Evidence notes

The CVE record and NVD detail provide official information on this vulnerability. The vendor advisory and patch information are available through the GitHub advisory page. The vulnerability has been analyzed and has a CVSS score of 10, indicating the highest severity.

Official resources

This article is AI-assisted and based on the supplied source corpus.