CVE-2026-0755

Unknown · Unknown Multiple Products

Executive summary

A critical remote code execution vulnerability, identified as CVE-2026-0755, exists in a component named "gemini-mcp-tool" found in multiple products. This flaw allows an unauthenticated attacker to remotely execute arbitrary code on a vulnerable system, potentially leading to a full system compromise. Due to its high severity and lack of required authentication, this vulnerability poses a significant and immediate risk to affected organizations.

Vulnerability

This is a command injection vulnerability within the execAsync method of the gemini-mcp-tool. The application fails to properly sanitize or validate a user-supplied string before incorporating it into a system command. A remote, unauthenticated attacker can craft a malicious input string containing arbitrary commands, which are then executed by the system with the privileges of the running service account.
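The flaw class described above, shown next to its hardened form. This is an added example, not code from gemini-mcp-tool or its vendor. It assumes a Node.js service that passes a request string to an external CLI on a POSIX host; `TOOL`, `runUnsafe`, `runSafe`, `validatePrompt` and the length limit are hypothetical.

```javascript
// Added example with constructed names; not gemini-mcp-tool's source code.
const { execSync, execFileSync } = require("node:child_process");

// Stand-in for the wrapped CLI (assumption): a Node one-liner that writes its
// first argument back. "--" ends option parsing so input is never read as a flag.
const TOOL = process.execPath;
const TOOL_ARGS = ["-e", "process.stdout.write(process.argv[1])", "--"];
const MAX_PROMPT_LENGTH = 4096; // constructed limit

// Unsafe pattern: the request string is spliced into a shell command line,
// so /bin/sh interprets ; | & $() and backticks inside it.
function runUnsafe(prompt) {
  return execSync(`echo ${prompt}`, { encoding: "utf8" });
}

// Reject input that cannot be a legitimate prompt before it reaches the OS.
function validatePrompt(prompt) {
  if (typeof prompt !== "string") throw new TypeError("prompt must be a string");
  if (prompt.length === 0 || prompt.length > MAX_PROMPT_LENGTH) {
    throw new RangeError("prompt length out of bounds");
  }
  if (prompt.includes("\0")) throw new RangeError("prompt contains a NUL byte");
  return prompt;
}

// Hardened pattern: no shell is involved; the prompt travels as one argv element.
function runSafe(prompt) {
  return execFileSync(TOOL, [...TOOL_ARGS, validatePrompt(prompt)], {
    encoding: "utf8",
    shell: false,
    timeout: 10000,
  });
}

const sample = "hello; echo INJECTED"; // constructed, harmless input
console.log(JSON.stringify(runUnsafe(sample))); // the shell ran a second command
console.log(JSON.stringify(runSafe(sample)));   // the tool received the literal text
```

Dropping the shell removes metacharacter parsing, but input that begins with `-` can still be read as an option by the target program, which is why the argument list ends with `--` before the user-supplied value.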

Business impact

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could lead to a complete compromise of the affected server, allowing an attacker to steal sensitive data, install malware or ransomware, disrupt business operations, and use the compromised system as a pivot point for further attacks within the network. The potential business impact includes significant financial loss, reputational damage, data breach notification costs, and regulatory penalties.

Remediation

Immediate Action: Identify all systems running the vulnerable "gemini-mcp-tool" and update the affected products to the latest patched version as recommended by the vendor. In parallel, begin monitoring system and application logs for any signs of exploitation attempts.

Proactive Monitoring: Implement enhanced monitoring on affected systems. Security teams should look for unusual child processes spawned by the service account associated with the gemini-mcp-tool and for unexpected outbound network connections from affected servers, and should review access logs for malformed requests or payloads containing shell commands.

Compensating Controls: If immediate patching is not feasible, consider implementing compensating controls such as restricting network access to the vulnerable service to only trusted IP addresses. Deploying a Web Application Firewall (WAF) or Intrusion Prevention System (IPS) with rules to detect and block command injection attempts can also help mitigate risk.

Exploitation status

Public Exploit Available: Unknown at this time

Analyst recommendation

Given the critical CVSS score of 9.8 and the fact that no authentication is required for exploitation, this vulnerability must be treated as a top priority. Organizations are strongly urged to immediately initiate efforts to identify any instances of "gemini-mcp-tool" within their environment and apply the necessary patches without delay. Although not currently listed on the CISA KEV list, the severity of this vulnerability warrants an emergency response to prevent potential compromise.