Filtered by vendor Gemini Mcp Tool
Subscriptions
Filtered by product Gemini-mcp-tool
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-0755 | 1 Gemini Mcp Tool | 1 Gemini-mcp-tool | 2026-01-23 | N/A |
| gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of gemini-mcp-tool. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the execAsync method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-27783. | ||||
Page 1 of 1.