{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0755", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "state": "PUBLISHED", "assignerShortName": "zdi", "dateReserved": "2026-01-08T22:49:24.875Z", "datePublished": "2026-01-23T03:26:16.000Z", "dateUpdated": "2026-01-23T19:35:07.197Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2026-01-23T03:26:16.000Z"}, "title": "gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability", "descriptions": [{"lang": "en", "value": "gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of gemini-mcp-tool. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of the execAsync method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-27783."}], "affected": [{"vendor": "Gemini MCP Tool", "product": "gemini-mcp-tool", "versions": [{"version": "1.1.2", "status": "affected"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "type": "CWE"}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-021/", "name": "ZDI-26-021", "tags": ["x_research-advisory"]}], "dateAssigned": "2026-01-08T22:49:24.928Z", "datePublic": "2026-01-09T16:17:16.515Z", "source": {"lang": "en", "value": "Peter Girnus (@gothburz) of Trend Research"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-23T19:34:56.695313Z", "id": "CVE-2026-0755", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-23T19:35:07.197Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0755", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-23T19:34:56.695313Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-23T19:35:02.399Z"}}], "cna": {"title": "gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability", "source": {"lang": "en", "value": "Peter Girnus (@gothburz) of Trend Research"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "Gemini MCP Tool", "product": "gemini-mcp-tool", "versions": [{"status": "affected", "version": "1.1.2"}], "defaultStatus": "unknown"}], "datePublic": "2026-01-09T16:17:16.515Z", "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-021/", "name": "ZDI-26-021", "tags": ["x_research-advisory"]}], "dateAssigned": "2026-01-08T22:49:24.928Z", "descriptions": [{"lang": "en", "value": "gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of gemini-mcp-tool. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of the execAsync method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-27783."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2026-01-23T03:26:16.000Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0755", "state": "PUBLISHED", "dateUpdated": "2026-01-23T19:35:07.197Z", "dateReserved": "2026-01-08T22:49:24.875Z", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "datePublished": "2026-01-23T03:26:16.000Z", "assignerShortName": "zdi"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of gemini-mcp-tool. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of the execAsync method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-27783."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de comandos y ejecuci\u00f3n remota de c\u00f3digo en gemini-mcp-tool execAsync. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de gemini-mcp-tool. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad.\n\nLa falla espec\u00edfica existe dentro de la implementaci\u00f3n del m\u00e9todo execAsync. El problema resulta de la falta de validaci\u00f3n adecuada de una cadena proporcionada por el usuario antes de usarla para ejecutar una llamada al sistema. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto de la cuenta de servicio. Fue ZDI-CAN-27783."}], "id": "CVE-2026-0755", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}]}, "published": "2026-01-23T04:16:02.017", "references": [{"source": "zdi-disclosures@trendmicro.com", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-021/"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "zdi-disclosures@trendmicro.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T03:21:07.422188+00:00", "value": {"mitigation_remediation": ["Apply the latest Gemini MCP Tool patch or upgrade to a version that removes the vulnerable execAsync functionality.", "Configure firewall or network controls to limit access to the service to only trusted hosts and networks.", "If the execAsync feature is not required, disable or remove it from the deployment to eliminate the attack surface."], "summary": {"action": "Patch Now", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Gemini MCP Tool installations are impacted, regardless of version, as the flaw exists in the core implementation of the execAsync method. Users running this tool in any environment should verify whether the software is deployed and consider it vulnerable until patched.", "description_and_impact": "The execAsync method of Gemini MCP Tool lacks proper validation of user\u2011supplied strings before executing them as system commands, enabling attackers to inject arbitrary shell instructions. This flaw permits the execution of code without any authentication, and the code runs with the privileges of the service account. The vulnerability is a classic command injection, classified as CWE\u201178, and can allow attackers to compromise the entire host if they can reach the vulnerable endpoint.", "risk_and_exploitability": "The CVSS score of 9.8 indicates extremely high severity, and although the EPSS score is below 1%, meaning current exploitation activity appears low, the potential for a successful attack remains significant due to the lack of authentication requirement. The vulnerability is not listed in CISA\u2019s KEV catalog, but the critical nature of the flaw and the high impact warrant immediate attention. Attackers can remotely craft malicious input to the execAsync interface and trigger arbitrary code execution in the context of the service account, which may lead to privilege escalation, data loss, or denial of service."}}}}, "created": "2026-01-23T10:26:47.266366+00:00", "updated": "2026-04-18T03:30:25.908461+00:00", "vendors": ["gemini_mcp_tool", "gemini_mcp_tool$PRODUCT$gemini-mcp-tool"]}