PatchSiren cyber security CVE debrief
CVE-2026-12537 Google Cloud CVE debrief
CVE-2026-12537 is a critical vulnerability with a CVSS score of 10, affecting Google Gemini CLI versions prior to 0.39.1 and run-gemini-cli GitHub Action versions prior to 0.1.22. The vulnerability is caused by improper neutralization of special elements used in an OS command (OS command injection) in the container launcher, allowing an unprivileged attacker to achieve pre-sandbox host-level code execution via a maliciously crafted .gemini/.env file. This vulnerability was published on June 24, 2026, and modified on July 2, 2026. The CVE record and NVD detail provide further information on this vulnerability.
- Vendor: Google Cloud
- Product: Gemini CLI
- CVSS: CRITICAL 10
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-24
- Original CVE updated: 2026-07-02
- Advisory published: 2026-06-24
- Advisory updated: 2026-07-02
Who should care
Security teams and administrators responsible for Google Gemini CLI and run-gemini-cli GitHub Action deployments should be aware of this critical vulnerability. Affected versions of these tools are vulnerable to pre-sandbox host-level code execution, which could lead to severe consequences if exploited. Users of these tools should prioritize patching to prevent potential attacks.
Technical summary
The vulnerability is caused by improper neutralization of special elements used in an OS command (OS command injection) in the container launcher of Google Gemini CLI and run-gemini-cli GitHub Action. Because the launcher runs before the sandbox is established, an unprivileged attacker who can supply a crafted .gemini/.env file can execute code on the host system before sandboxing, potentially leading to a complete compromise of the system. The vulnerability has a CVSS score of 10, indicating the highest severity. Affected versions include Google Gemini CLI prior to 0.39.1 and run-gemini-cli GitHub Action prior to 0.1.22.
Defensive priority
This vulnerability should be prioritized for immediate patching due to its critical severity and potential for pre-sandbox host-level code execution. Security teams should ensure that all affected deployments are updated to the latest patched versions of Google Gemini CLI and run-gemini-cli GitHub Action.
Recommended defensive actions
- Patch Google Gemini CLI to version 0.39.1 or later
- Patch run-gemini-cli GitHub Action to version 0.1.22 or later
- Review and update affected deployments to ensure they are using patched versions
- Monitor for potential exploitation attempts
- Implement additional security measures to detect and prevent similar attacks
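The advisory ties this issue to values from a repository's .gemini/.env file reaching an OS command in the container launcher. The following is an added example, not code from the advisory or from the Gemini CLI project: a small audit that a CI job or pre-commit hook can run over a checked-in .gemini/.env to flag values carrying shell metacharacters before any launcher sees them. The file contents and variable names are constructed for illustration.

```python
import re
import sys

# Characters that let a value break out of a command line when a launcher
# interpolates it into a shell string instead of passing it as an argument
# (the CWE-78 class of defect the advisory describes).
_SHELL_META = re.compile(r"[;&|`$(){}<>\n\\]")


def parse_dotenv(text: str) -> dict[str, str]:
    """Minimal .env parser: KEY=VALUE lines, '#' comments, optional quotes."""
    entries: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if key.startswith("export "):
            key = key[len("export "):].strip()
        value = value.strip()
        # Drop matching surrounding quotes so quoted payloads are still inspected.
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        entries[key] = value
    return entries


def find_risky_entries(text: str) -> dict[str, str]:
    """Return the .env entries whose values contain shell metacharacters."""
    return {k: v for k, v in parse_dotenv(text).items() if _SHELL_META.search(v)}


# Constructed sample .gemini/.env: the last entry is the kind of value a
# command-injection-prone launcher must never interpolate unquoted.
SAMPLE_DOTENV = """# constructed example .gemini/.env
GEMINI_API_KEY=constructed-key-value
GEMINI_MODEL="gemini-2.5-pro"
SANDBOX_FLAGS=--network none; echo injected
"""

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, encoding="utf-8").read() if path else SAMPLE_DOTENV
    risky = find_risky_entries(text)
    for key, value in risky.items():
        print(f"REJECT {key}: value contains shell metacharacters: {value!r}")
    sys.exit(1 if risky else 0)
```

Run it against a checked-in file as `python audit_dotenv.py .gemini/.env`; a non-zero exit fails the job so the file is reviewed before any tool that launches containers consumes it.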
Evidence notes
The CVE record and NVD detail provide official information on this vulnerability. The vendor advisory and patch information are available through the GitHub advisory page. The vulnerability has been analyzed and has a CVSS score of 10, indicating the highest severity.
Official resources
- CVE-2026-12537 CVE record (CVE.org)
- CVE-2026-12537 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: f45cbf4e-4146-4068-b7e1-655ffc2c548c (Vendor Advisory, Patch)
This article is AI-assisted and based on the supplied source corpus.