A critical zero-day vulnerability has been disclosed in the Gemini MCP Tool, enabling unauthenticated remote attackers to execute arbitrary code on vulnerable installations without requiring user interaction or authentication.
The vulnerability, tracked as CVE-2026-0755 with a CVSS score of 9.8, represents a severe risk to systems utilizing this tool in production environments.
Vulnerability Overview
The flaw resides within the execAsync method implementation of gemini-mcp-tool, where insufficient validation of user-supplied input enables command injection attacks.
Attackers can craft malicious strings that bypass input validation mechanisms, allowing arbitrary system commands to execute in the context of the service account.
This vulnerability is network-accessible and requires no special privileges or complex exploitation techniques, making it trivial to weaponize at scale.
| Attribute | Value |
|---|---|
| CVE ID | CVE-2026-0755 |
| ZDI ID | ZDI-26-021, ZDI-CAN-27783 |
| CVSS Score | 9.8 (Critical) |
The zero-day was assigned ZDI-26-021 and ZDI-CAN-27783 identifiers by Trend Micro’s Zero Day Initiative before coordinated public disclosure.
Peter Girnus from Trend Research is credited with discovering and reporting this critical vulnerability.
The vulnerability followed a responsible disclosure process spanning six months. Trend Micro’s Zero Day Initiative initially reported the issue to the vendor on July 25, 2025, through a third-party coordination platform.
After months of limited vendor engagement, ZDI requested updates on November 10, 2025, and subsequently notified the vendor of intentions to publish the advisory as a zero-day on December 14, 2025.
Public disclosure occurred on January 9, 2026, following a coordinated advisory release.
The vulnerability impacts all installations of gemini-mcp-tool. Given the critical nature of the flaw and the absence of available security patches as of disclosure, the primary mitigation strategy is immediate network isolation and restriction of all interaction with the affected product.
Organizations currently deploying gemini-mcp-tool should implement strict access controls, limit exposure to trusted networks only, and consider alternative solutions until vendor remediation is available.
The CVSS v3.0 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H indicates network accessibility with low attack complexity, no privilege requirements, and complete compromise of confidentiality, integrity, and availability.
This maximum severity assessment reflects the vulnerability’s exploitability and potential impact on affected systems.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.