A important zero‑day vulnerability in Gemini MCP Device exposes customers to distant code execution (RCE) assaults with none authentication.
Tracked as ZDI‑26‑021 / ZDI‑CAN‑27783 and assigned CVE‑2026‑0755, the flaw carries a most CVSS v3.1 rating of 9.8, reflecting its ease of exploitation and extreme affect.
In response to a brand new advisory from Development Micro’s Zero Day Initiative (ZDI), the difficulty impacts the open‑supply gemini-mcp-tool, a utility designed to combine Gemini fashions with Mannequin Context Protocol (MCP) companies.
Vulnerability Overview
Each the seller and product are listed as Gemini MCP Device / gemini-mcp-tool within the advisory. On the core of the vulnerability is the improper dealing with of person‑equipped enter within the execAsync methodology.
This operate passes enter straight right into a system name with out satisfactory validation or sanitization.
A distant attacker can exploit this command injection weak point to execute arbitrary code on the underlying system, working with the privileges of the service account.
FieldInformationCVE IDCVE-2026-07550‑Day Namegemini-mcp-tool execAsync Command Injection RCE VulnerabilityCVSS v3.1 Score9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)Affected Productgemini-mcp-toolImpactRemote, unauthenticated arbitrary code execution
As a result of the assault vector is community‑based mostly and requires no prior authentication or person interplay, web‑uncovered or shared environments are at notably excessive threat.
The vulnerability was initially reported to the seller on July 25, 2025, through a 3rd‑social gathering platform.
ZDI adopted up for updates in November 2025 and, after receiving no enough response, knowledgeable the seller on December 14, 2025 of its intention to publish the case as a zero‑day advisory.
The coordinated public disclosure and advisory replace occurred on January 9, 2026.
On the time of publication, no official patch or replace has been documented. Because of this, mitigation choices are restricted.
ZDI recommends strictly proscribing entry to the Gemini MCP Device by making certain it isn’t straight uncovered to the web and limiting interplay to trusted networks and customers.
Directors also needs to monitor methods working gemini-mcp-tool for suspicious course of execution and strange outbound connections that would point out profitable exploitation.
Comply with us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to function your tales.
