CVE-2026-0755 — gemini-mcp-tool vulnerable to OS command injection and @file exfiltration via pr

描述

Untrusted prompt input could reach the Gemini CLI @file parser, allowing read/exfiltration of arbitrary local files (@/etc/passwd, @~/.ssh/id_rsa, @../../secret). On Windows, unquoted cmd.exe metacharacters could break out into OS command injection. Fix (1.1.6): removed the broken shell:false double-quote wrapping; added assertSafeFileReferences() to contain @file refs to the working directory; hardened Windows cmd.exe argument quoting.

如何修補 CVE-2026-0755

要修補 CVE-2026-0755,請將受影響套件升級到下列已修補版本。

—升級至 1.1.6 或更新版本

CVE-2026-0755 正在被利用嗎?

目前沒有被利用訊號。CVE-2026-0755 既不在 CISA KEV 也沒有最新的 EPSS 分數。

受影響套件(1)

>= 1.1.2, < 1.1.6

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

參考連結(4)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2026-0755
PATCHgithub.com/jamubc/gemini-mcp-tool
WEBgithub.com/jamubc/gemini-mcp-tool/security/advisories/GHSA-4h5r-5jm8-jxjm
WEBwww.zerodayinitiative.com/advisories/ZDI-26-021