CVE-2026-12537
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk3th percentile — higher than 3% of all known CVEs
Summary
A vulnerability in Google Gemini CLI and run-gemini-cli GitHub Action allows an unprivileged attacker to execute host-level code before sandboxing via a maliciously crafted .gemini/.env file. The issue affects CLI versions before 0.39.1 and Action versions before 0.1.22 on headless CI platforms.
Risk Assessment
An attacker can gain full control over the CI host, leading to data theft, artifact modification, or further attacks on the organization's infrastructure.
Recommendation
Immediately update Google Gemini CLI to version 0.39.1 or later and run-gemini-cli GitHub Action to version 0.1.22 or later. Additionally, audit .gemini/.env files in repositories.
Original NVD description (English source)
Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI (versions prior to 0.39.1) and run-gemini-cli GitHub Action (versions prior to 0.1.22) on headless CI platforms allows an unprivileged attacker to achieve pre-sandbox host-level code execution a maliciously crafted .gemini/.env file.

