js · gemini-mcp-tool · Critical
gemini-mcp-tool: Critical security fix for file exfiltration and command injection
A security vulnerability was fixed in gemini-mcp-tool.
What changed
Untrusted prompt input was passed through to the Gemini CLI, whose @file syntax tells it to read a referenced file and include its contents in the model context. Because the references were not constrained, a prompt supplied by an attacker could point at any file the tool's user could read, and the CLI would read it and return its contents: arbitrary local file read and exfiltration. On Windows the problem was worse. The tool spawned the CLI through cmd.exe with the prompt in the argument list, and cmd.exe metacharacters (such as &, |, <, > and ^) in an unquoted argument are interpreted by the shell, so a crafted prompt could break out of the intended command into OS command injection. The earlier attempt at quoting wrapped arguments in double quotes while spawning with shell:false; with no shell involved those quote characters are not interpreted, they are delivered to the child verbatim, so the wrapping corrupted arguments without containing anything. The fix, released in 1.1.6, removes that wrapping, adds assertSafeFileReferences() to reject any @file reference that does not resolve inside the working directory, and hardens the argument quoting used when cmd.exe is the spawn shell on Windows.
Who it affects
All users of gemini-mcp-tool prior to version 1.1.6. The file-read issue matters wherever prompts can come from an untrusted source (for example an MCP client relaying third-party content, or a pipeline that builds prompts from user input); the command-injection issue applies only when the tool runs on Windows, where cmd.exe is the spawn shell.
What to do today
Upgrade to version 1.1.6 or later immediately. Check what is actually installed (for example npm ls gemini-mcp-tool, or the version pinned in your MCP client configuration) rather than assuming a recent install is current. Until the upgrade is in place, do not pass prompts from untrusted sources to the tool, and avoid running it on Windows.