Gemini MCP Tool 0-day Vulnerability Allows Remote Attackers to Execute Arbitrary Code
A critical zero‑day vulnerability in Gemini MCP Tool exposes users to remote code execution (RCE) attacks without any authentication.
Tracked as ZDI‑26‑021 / ZDI‑CAN‑27783 and assigned CVE‑2026‑0755, the flaw carries a maximum CVSS v3.1 score of 9.8, reflecting its ease of exploitation and severe impact.
According to a new advisory from Trend Micro’s Zero Day Initiative (ZDI), the issue affects the open‑source gemini-mcp-tool, a utility designed to integrate Gemini models with Model Context Protocol (MCP) services.
Vulnerability Overview
Both the vendor and product are listed as Gemini MCP Tool / gemini-mcp-tool in the advisory. At the core of the vulnerability is the improper handling of user‑supplied input in the execAsync method.
This function passes input directly into a system call without adequate validation or sanitization.
A remote attacker can exploit this command injection weakness to execute arbitrary code on the underlying system, running with the privileges of the service account.
Field | Information
CVE ID | CVE-2026-0755
0‑Day Name | gemini-mcp-tool execAsync Command Injection RCE Vulnerability
CVSS v3.1 Score | 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product | gemini-mcp-tool
Impact | Remote, unauthenticated arbitrary code execution
Because the attack vector is network‑based and requires no prior authentication or user interaction, internet‑exposed or shared environments are at particularly high risk.
The vulnerability was originally reported to the vendor on July 25, 2025, via a third‑party platform.
ZDI followed up for updates in November 2025 and, after receiving no sufficient response, informed the vendor on December 14, 2025 of its intention to publish the case as a zero‑day advisory.
The coordinated public disclosure and advisory update occurred on January 9, 2026.
At the time of publication, no official patch or update has been documented. As a result, mitigation options are limited.
ZDI recommends strictly restricting access to the Gemini MCP Tool by ensuring it is not directly exposed to the internet and limiting interaction to trusted networks and users.
Administrators should also monitor systems running gemini-mcp-tool for suspicious process execution and unusual outbound connections that could indicate successful exploitation.
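One way to act on the process-monitoring advice above, shown as an added example that is not from the ZDI advisory or the gemini-mcp-tool project: walk process-creation events and flag any descendant of the service whose executable is not expected. The JSON event format, the service marker string, and the allowlist of legitimate child executables are assumptions to be replaced with values from your own telemetry.

```python
# Added example: flag unexpected descendants of the gemini-mcp-tool service.
# Event schema, marker string and allowlist are assumptions, not from the advisory.
import json

# Constructed sample process-creation events, oldest first (one JSON object per line).
SAMPLE_EVENTS = """\
{"pid": 100, "ppid": 1, "exe": "/usr/bin/node", "cmdline": "node gemini-mcp-tool"}
{"pid": 210, "ppid": 100, "exe": "/bin/sh", "cmdline": "sh -c gemini -p hello"}
{"pid": 211, "ppid": 210, "exe": "/usr/local/bin/gemini", "cmdline": "gemini -p hello"}
{"pid": 300, "ppid": 100, "exe": "/bin/sh", "cmdline": "sh -c <constructed>"}
{"pid": 301, "ppid": 300, "exe": "/usr/bin/curl", "cmdline": "curl <constructed>"}
{"pid": 400, "ppid": 1, "exe": "/usr/bin/curl", "cmdline": "curl https://example.org"}
"""

SERVICE_MARKER = "gemini-mcp-tool"  # assumed substring identifying the service process
ALLOWED_EXES = {"/bin/sh", "/usr/local/bin/gemini"}  # assumed legitimate children


def find_suspicious(lines, marker=SERVICE_MARKER, allowed=ALLOWED_EXES):
    """Return events for descendants of the service whose exe is not allowlisted.

    Assumes events arrive in chronological order and ignores PID reuse.
    """
    tracked = set()  # PIDs of the service process and all of its descendants
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev["ppid"] in tracked:
            tracked.add(ev["pid"])  # keep following the subtree
            if ev["exe"] not in allowed:
                alerts.append(ev)
        elif marker in ev["cmdline"]:
            tracked.add(ev["pid"])  # the service root itself
    return alerts


if __name__ == "__main__":
    for ev in find_suspicious(SAMPLE_EVENTS.splitlines()):
        print(f"ALERT pid={ev['pid']} ppid={ev['ppid']} exe={ev['exe']} cmd={ev['cmdline']}")
```

Tracking the whole subtree matters because a shell launched by the service can itself be expected; the signal is what that shell goes on to run.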