Security researchers at Tracebit have discovered a critical vulnerability in Google’s Gemini CLI that enables attackers to silently execute malicious commands on developers’ systems through a sophisticated combination of prompt injection, improper validation, and misleading user interface design.
The vulnerability, classified as a P1/S1 issue by Google’s security team, has been patched in the latest release following responsible disclosure.
https://gbhackers.com/gemini-cli-vulnerability/