Supply chain threat: Critical vulnerability discovered in Google’s Gemini CLI

Security experts at Pillar Security have discovered a critical vulnerability in Gemini CLI, the open-source tool that brings Google’s AI assistant Gemini directly into the terminal. The flaw allowed attackers to take control of AI agents through indirect prompt injections into GitHub issues. In the worst-case scenario, this could have led to a complete compromise of the software supply chain. Although the vulnerability was rated as extremely critical with a CVSS score of 10/10, no official CVE number has yet been assigned. Google has already addressed the issue with an update.

The core of the security issue lay in Gemini CLI’s so-called --yolo mode. This mode is designed to execute tasks automatically and without manual user confirmation. AI agents typically have security mechanisms like allowlists that define which system commands or tools the AI is permitted to invoke.

However, Pillar Security’s investigation revealed that Gemini CLI ignored these protection lists in --yolo mode. In practice, this meant the AI agent executed any command it deemed necessary for its task or that an attacker might insert. This misconfiguration transformed a useful automation tool into a potential tool for malicious code execution.
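As an added illustration (not Gemini CLI’s own code; the policy shape and tool names are constructed), the following TypeScript contrasts a tool-call gate that skips the allowlist whenever auto-approval is on, which is the behaviour described above, with a hardened gate that treats the allowlist as authoritative and lets auto-approval only suppress the confirmation prompt:

```typescript
// Added example: a minimal tool-call gate for an AI agent. It is not Gemini
// CLI's implementation; the policy shape and tool names are constructed.

type ToolCall = { tool: string; args: string[] };

interface Policy {
  allowedTools: Set<string>; // tools the agent may invoke without review
  autoApprove: boolean;      // "--yolo"-style: skip interactive confirmation
}

type Decision = "run" | "ask-user" | "deny";

// Flawed gate, modelling the reported behaviour: with autoApprove on, the
// allowlist is never consulted, so whatever tool the model requests runs.
function gateFlawed(call: ToolCall, policy: Policy): Decision {
  if (policy.autoApprove) return "run";
  return policy.allowedTools.has(call.tool) ? "run" : "ask-user";
}

// Hardened gate: the allowlist is checked first and is authoritative.
// autoApprove only removes the prompt for tools already on the list;
// anything else is denied rather than escalated to the user.
function gateHardened(call: ToolCall, policy: Policy): Decision {
  if (!policy.allowedTools.has(call.tool)) return "deny";
  return policy.autoApprove ? "run" : "ask-user";
}

// Evaluate a batch of requested calls under both gates, so a reviewer can
// see exactly which requests the flaw would have let through.
function evaluate(calls: ToolCall[], policy: Policy) {
  return calls.map((c) => ({
    tool: c.tool,
    flawed: gateFlawed(c, policy),
    hardened: gateHardened(c, policy),
  }));
}

// Constructed sample: the first call is what a normal issue-triage task
// needs; the second is what an instruction injected into an issue body
// could steer the model into requesting.
const yoloPolicy: Policy = {
  allowedTools: new Set(["read_file", "grep"]),
  autoApprove: true,
};
const sampleCalls: ToolCall[] = [
  { tool: "read_file", args: ["README.md"] },
  { tool: "run_shell", args: ["<attacker-controlled command>"] },
];
console.table(evaluate(sampleCalls, yoloPolicy));
```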
