Flaw in Gemini CLI AI Coding Assistant Allowed Stealthy Code Execution

Researchers flag flaw in Google’s AI coding assistant that allowed for ‘silent’ code exfiltration

Researchers have disclosed a vulnerability in Gemini Command Line Interface (CLI), Google’s latest piece of “agentic” AI software for code development. The flaw, which was reported to Google and patched prior to disclosure, would have allowed an attacker to silently execute arbitrary code on a user’s machine. In one video demonstration, a researcher interacts with Gemini CLI while setting up a separate listening server to see how the agent was p…

Flaw in Gemini CLI AI coding assistant allowed stealthy code execution

A vulnerability in Google's Gemini CLI allowed attackers to silently execute malicious commands and exfiltrate data from developers' computers using allowlisted programs.

Gemini CLI Vulnerability Allows Silent Execution of Malicious Commands on Developer Systems

Security researchers at Tracebit have discovered a critical vulnerability in Google’s Gemini CLI that enables attackers to silently execute malicious commands on developers’ systems through a sophisticated combination of prompt injection, improper validation, and misleading user interface design. The vulnerability, classified as a P1/S1 issue by Google’s security team, has been patched in the latest […] The post Gemini CLI Vulnerability Allows S…

Google Gemini Deletes User Code, Apologizes for ‘Complete and Catastrophic’ Failure

A GitHub user recently shared a concerning experience where Google Gemini’s coding agent hallucinated while performing a task, resulting in the deletion of multiple files. Anuraag Gupta, known as anuraag2601 on GitHub and a product lead at cybersecurity firm Cyware, posted about the incident with Gemini CLI, an open-source coding agent. Gupta clarified he’s not a developer but a “curious PM experimenting with vibe coding.” In an interview, he de…