Loading market data...
← Back to CVE feed

CVE-2026-12537

UNKNOWN View on NVD ↗

Description

Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI (versions prior to 0.39.1) and run-gemini-cli GitHub Action (versions prior to 0.1.22) on headless CI platforms allows an unprivileged attacker to achieve pre-sandbox host-level code execution a maliciously crafted .gemini/.env file.

Published: Jun 24, 2026 14:17 UTC Modified: Jun 24, 2026 15:16 UTC