Critical Zero-Day in Gemini MCP Tool Enables Unauthenticated Remote Code Execution (CVE-2026-0755)

Severity: Critical (CVSS 9.8 / 10)

Vulnerability Type: Remote Code Execution (RCE) through command injection

Affected Component: gemini-mcp-tool, a management and control utility used in the Gemini MCP ecosystem

Identifiers: CVE-2026-0755
Also tracked as ZDI-26-021 / ZDI-CAN-27783 by the Zero Day Initiative

Disclosure Date: January 23, 2026
What’s going on?

The issue exists in the execAsync method of gemini-mcp-tool. The method does not properly validate or sanitize user-provided input before sending it to the operating system for execution.

Because of this oversight, an attacker can craft malicious input that includes operating system commands. These commands are then executed by the application with the same privileges as the service itself.

This vulnerability is classified as CWE-78: OS Command Injection.
Why this is dangerous

This flaw is especially serious because:

  • No login is required — attackers don’t need credentials.
  • Exploitable over the network — no local access needed.
  • No user interaction — nothing needs to be clicked or approved.
  • Easy to exploit — low technical skill required.
  • Severe impact — attackers can fully compromise the system, run arbitrary code, steal data, install malware, or disrupt services.

In short, this is about as bad as it gets.
Mitigation status

There is no official patch available yet from the vendor at the time of disclosure.

Until a fix is released, the following defensive steps are strongly recommended:

  • Limit access to gemini-mcp-tool services to trusted internal networks only.
  • Use network segmentation and strict firewall rules to reduce exposure.
  • Actively monitor systems for suspicious command execution or unexpected privilege escalation.
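The monitoring step above is concrete enough to turn into a rule. The following is an added example, not something the advisory or the vendor provides; it assumes process-creation events are already being collected (auditd, eBPF or an EDR agent) and exported as JSON lines with the constructed field names used here, and that the service is recognisable by `gemini-mcp-tool` appearing in the parent's command line. The rule keys on the one fact this vulnerability class gives a defender: a service that should spawn a specific binary directly instead spawning a shell, and that shell's `-c` string containing command-chaining metacharacters.

```javascript
// Added example for the "monitor for suspicious command execution" step.
// Not part of the advisory; assumes JSON-lines process-creation events with
// these constructed field names and that the service's parent command line
// contains "gemini-mcp-tool".
const SHELLS = new Set(["sh", "bash", "dash", "zsh"]);
const EXPECTED_CHILDREN = new Set(["gemini", "node"]); // what the service is expected to spawn
const CHAIN_META = /[;&|`$\n]/;                          // chaining / substitution characters

// Constructed sample events: one normal spawn, one shell with a chained
// command (the injection signature), one plain shell, one unrelated process.
const SAMPLE_EVENTS = [
  '{"ts":"2026-01-23T10:00:01Z","parent_comm":"node","parent_cmd":"node gemini-mcp-tool","comm":"gemini","cmdline":"gemini -p \\"summarize README\\""}',
  '{"ts":"2026-01-23T10:00:07Z","parent_comm":"node","parent_cmd":"node gemini-mcp-tool","comm":"sh","cmdline":"sh -c gemini -p \\"hello\\"; id"}',
  '{"ts":"2026-01-23T10:00:09Z","parent_comm":"node","parent_cmd":"node gemini-mcp-tool","comm":"sh","cmdline":"sh -c gemini -p \\"hello\\""}',
  '{"ts":"2026-01-23T10:00:12Z","parent_comm":"sshd","parent_cmd":"sshd: alice","comm":"bash","cmdline":"bash -l"}',
];

// Returns "high", "medium" or null for one parsed event.
function classifyEvent(ev) {
  const fromService = /gemini-mcp-tool/.test(ev.parent_cmd || "");
  if (!fromService) return null; // only children of the MCP service are in scope

  if (SHELLS.has(ev.comm)) {
    // The service should call its binary directly, so any shell child is
    // worth a look; chaining metacharacters in the -c string are the strong signal.
    const script = (ev.cmdline || "").replace(/^\S+\s+-c\s+/, "");
    return CHAIN_META.test(script) ? "high" : "medium";
  }
  if (!EXPECTED_CHILDREN.has(ev.comm)) return "medium"; // unexpected binary
  return null;
}

// Scans JSON lines and returns findings; malformed lines are skipped, not fatal.
function scan(lines) {
  const findings = [];
  for (const line of lines) {
    let ev;
    try { ev = JSON.parse(line); } catch { continue; }
    const severity = classifyEvent(ev);
    if (severity) findings.push({ ts: ev.ts, severity, comm: ev.comm, cmdline: ev.cmdline });
  }
  return findings;
}

module.exports = { classifyEvent, scan, SAMPLE_EVENTS };
```

Run against the constructed sample, `scan` returns two findings: the chained `sh -c` line as high and the bare `sh -c` line as medium, while the direct `gemini` spawn and the unrelated SSH session produce nothing. Tune `EXPECTED_CHILDREN` to what the deployment actually spawns before relying on the medium tier, since a legitimately configured wrapper script would otherwise fire on every call.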

Bottom line

CVE-2026-0755 is a critical zero-day vulnerability that allows unauthenticated remote attackers to execute arbitrary commands on affected systems. Because it’s easy to exploit and accessible over the network, any exposed installations should be isolated and locked down immediately until an official patch becomes available.