Gemini MCP Tool 0-day Vulnerability Allows Remote Attackers to Execute Arbitrary Code

Posted on By CWS

A important zero‑day vulnerability in Gemini MCP Device exposes customers to distant code execution (RCE) assaults with none authentication.

Tracked as ZDI‑26‑021 / ZDI‑CAN‑27783 and assigned CVE‑2026‑0755, the flaw carries a most CVSS v3.1 rating of 9.8, reflecting its ease of exploitation and extreme affect.

In response to a brand new advisory from Development Micro’s Zero Day Initiative (ZDI), the difficulty impacts the open‑supply gemini-mcp-tool, a utility designed to combine Gemini fashions with Mannequin Context Protocol (MCP) companies.

Vulnerability Overview

Each the seller and product are listed as Gemini MCP Device / gemini-mcp-tool within the advisory. On the core of the vulnerability is the improper dealing with of person‑equipped enter within the execAsync methodology.

This operate passes enter straight right into a system name with out satisfactory validation or sanitization.

A distant attacker can exploit this command injection weak point to execute arbitrary code on the underlying system, working with the privileges of the service account.

FieldInformationCVE IDCVE-2026-07550‑Day Namegemini-mcp-tool execAsync Command Injection RCE VulnerabilityCVSS v3.1 Score9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)Affected Productgemini-mcp-toolImpactRemote, unauthenticated arbitrary code execution

As a result of the assault vector is community‑based mostly and requires no prior authentication or person interplay, web‑uncovered or shared environments are at notably excessive threat.

The vulnerability was initially reported to the seller on July 25, 2025, through a 3rd‑social gathering platform.

ZDI adopted up for updates in November 2025 and, after receiving no enough response, knowledgeable the seller on December 14, 2025 of its intention to publish the case as a zero‑day advisory.

The coordinated public disclosure and advisory replace occurred on January 9, 2026.

On the time of publication, no official patch or replace has been documented. Because of this, mitigation choices are restricted.

ZDI recommends strictly proscribing entry to the Gemini MCP Device by making certain it isn’t straight uncovered to the web and limiting interplay to trusted networks and customers.

Directors also needs to monitor methods working gemini-mcp-tool for suspicious course of execution and strange outbound connections that would point out profitable exploitation.

Comply with us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to function your tales.

Cyber Security News Tags:, , , , , , , , ,

Related Posts

Hackers Attacking Remote Desktop Protocol Services With 30,000+ New IP Addresses Daily Cyber Security News
China-Aligned APT Hackers Exploit Windows Group Policy to Deploy Malware Cyber Security News
Multiple Vulnerabilities in Tridium Niagara Framework Cyber Security News
UK Sanctions Russian APT 28 Hackers for Attacking Microsoft Cloud Service Login Details Cyber Security News
Threat Actors Weaponizes AI Generated Summaries With Malicious Payload to Execute Ransomware Cyber Security News
Microsoft Details on Fixing Error “Identify Which Process Is Blocking a File in Windows” With Built-in Tools Cyber Security News