Back to Intelligence

CVSS 10.0 Google Gemini CLI CI RCE: Detection and Remediation

SA
Security Arsenal Team
April 30, 2026
5 min read

Google has addressed a critical security vulnerability (CVSS 10.0) affecting the @google/gemini-cli npm package and the associated google-github-actions/run-gemini-cli workflow. This flaw represents a severe risk to software supply chains and CI/CD pipelines.

The vulnerability permits an unprivileged external attacker to force the loading of malicious content as Gemini configuration, leading to arbitrary command execution on the host system. Given the prevalence of automation in modern development environments, this flaw provides an easy vector for attackers to pivot from a compromised dependency or poisoned repository to a complete takeover of build infrastructure. Defenders must treat this as a critical emergency and prioritize the identification and patching of these packages immediately.

Technical Analysis

  • Affected Products:
    • @google/gemini-cli (npm package)
    • google-github-actions/run-gemini-cli (GitHub Actions workflow)
  • Severity: CVSS 10.0 (Critical)
  • Vulnerability Mechanism: The vulnerability stems from insufficient validation of external inputs that are used to generate or load Gemini configuration files. By manipulating these inputs, an attacker can inject arbitrary configuration directives. When the CLI processes this malicious configuration, it triggers a chain of events that results in the execution of arbitrary commands with the privileges of the user or service running the CLI.
  • Exploitation Requirements: Exploitation does not require authentication or local system access. An attacker with the ability to influence the input sources (e.g., via a man-in-the-middle attack, a compromised package repository, or a malicious pull request in a CI context) can trigger the vulnerability.
  • Exploitation Status: While specific in-the-wild exploitation has not been universally confirmed at the time of writing, the simplicity of the attack path (input injection to RCE) and the high value of CI/CD targets make active exploitation highly likely in the near term.

Detection & Response

Detection of this vulnerability relies on identifying the execution of the vulnerable components or monitoring for suspicious child processes spawned by the Node.js runtime when these tools are in use.

SIGMA Rules

YAML
---
title: Potential Execution of Vulnerable Google Gemini CLI
id: 8a4b2c1d-5e6f-4a3b-8c9d-1e2f3a4b5c6d
status: experimental
description: Detects the execution of the vulnerable @google/gemini-cli package via npm, npx, or node. This indicates a host that needs immediate patching.
references:
  - https://thehackernews.com/2026/04/google-fixes-cvss-10-gemini-cli-ci-rce.html
author: Security Arsenal
date: 2026/04/06
tags:
  - attack.execution
  - attack.t1059.001
logsource:
  category: process_creation
  product: windows
  # Note: Add linux/mac definitions if applicable to your environment
detection:
  selection:
    CommandLine|contains:
      - 'gemini-cli'
      - '@google/gemini-cli'
      - 'run-gemini-cli'
  condition: selection
falsepositives:
  - Legitimate developer usage of Gemini CLI (Verify patched version)
level: high
---
title: Google Gemini CLI Spawning Shells (Potential Exploitation)
id: 9c5d3e2f-6f7a-5b4c-9d0e-2f3a4b5c6d7e
status: experimental
description: Detects the Google Gemini CLI process spawning shell commands, which may indicate successful RCE exploitation.
references:
  - https://thehackernews.com/2026/04/google-fixes-cvss-10-gemini-cli-ci-rce.html
author: Security Arsenal
date: 2026/04/06
tags:
  - attack.execution
  - attack.t1059
logsource:
  category: process_creation
  product: windows
detection:
  parent_cli:
    ParentImage|contains: 'node.exe'
    ParentCommandLine|contains:
      - 'gemini-cli'
  child_shell:
    Image|endswith:
      - '\cmd.exe'
      - '\powershell.exe'
      - '\bash.exe'
  condition: all of parent_cli and child_shell
falsepositives:
  - Legitimate developer scripts invoking shells via CLI tools
level: critical

KQL (Microsoft Sentinel)

This query hunts for process creation events related to the vulnerable CLI execution.

KQL — Microsoft Sentinel / Defender
DeviceProcessEvents
| where Timestamp > ago(7d)
| where ProcessCommandLine has "@google/gemini-cli" 
   or ProcessCommandLine has "run-gemini-cli" 
   or ProcessCommandLine has "google-github-actions"
| project Timestamp, DeviceName, AccountName, ProcessCommandLine, FolderPath, InitiatingProcessFileName
| order by Timestamp desc

Velociraptor VQL

Hunt for the presence of the vulnerable package in the environment and its execution history.

VQL — Velociraptor
-- Hunt for the gemini-cli package installation
SELECT FullPath, Size, Mtime
FROM glob(globs='**/node_modules/@google/gemini-cli/**')

-- Hunt for recent execution of the CLI
SELECT Pid, Name, CommandLine, Exe, Username, StartTime
FROM pslist()
WHERE Name =~ 'node' AND CommandLine =~ 'gemini-cli'

Remediation Script (Bash)

Use this script to audit and force-update the vulnerable npm package on Linux/macOS CI runners or developer workstations.

Bash / Shell
#!/bin/bash

# Audit and Remediation Script for Google Gemini CLI Vulnerability
# Checks for @google/gemini-cli and forces an update to the latest secure version

echo "[*] Auditing @google/gemini-cli installation..."

# Check if package is installed globally
if npm list -g @google/gemini-cli 2>/dev/null | grep -q @google/gemini-cli; then
    echo "[!] Vulnerable package found globally. Updating..."
    npm update -g @google/gemini-cli
else
    echo "[+] No global installation found."
fi

# Check local projects (requires traversing directories, example for current dir)
if [ -f "package." ]; then
    echo "[*] Checking local project..."
    if npm list @google/gemini-cli 2>/dev/null | grep -q @google/gemini-cli; then
        echo "[!] Vulnerable package found locally. Updating..."
        npm update @google/gemini-cli
        # Force install latest if update doesn't resolve version conflict
        npm install @google/gemini-cli@latest
    else
        echo "[+] No local installation found in current directory."
    fi
fi

echo "[*] Audit complete. Please verify CI/CD pipeline versions manually."

Remediation

1. Immediate Patching:

SQL
Update the `@google/gemini-cli` npm package to the latest patched version immediately.
  • Command: npm update @google/gemini-cli or npm install @google/gemini-cli@latest

2. GitHub Actions Update: If utilizing the google-github-actions/run-gemini-cli workflow in your CI/CD pipelines:

  • Update the workflow reference to use the latest version tag (e.g., @vX.X.X or @main if pinning to a branch, though tags are recommended).
  • Re-run any failed workflows that may have been impacted by previous aborted runs to ensure clean state.

3. Supply Chain Verification:

  • Audit your package-lock., yarn.lock, and pnpm-lock.yaml files to ensure no residual dependency trees are holding back the update.
  • Review CI/CD logs for the past 30 days for any anomalous command executions originating from the Gemini CLI runner.

4. Advisory References:

Related Resources

Security Arsenal Penetration Testing Services AlertMonitor Platform Book a SOC Assessment vulnerability-management Intel Hub

sigma-rulekql-detectionthreat-huntingdetection-engineeringsiem-detectiongooglegemini-clirce

Is your security operations ready?

Get a free SOC assessment or see how AlertMonitor cuts through alert noise with automated triage.

Book a SOC AssessmentSee AlertMonitor in Action