Users are vulnerable to remote code execution (RCE) attacks without authentication due to a critical zero-day vulnerability in the Gemini MCP Tool This article explores vulnerability gemini mcp. . The flaw, designated CVE-2026-0755 and tracked as ZDI-26-021/ZDI-CAN-27783, has a maximum CVSS v3.1 score of 9.8, indicating its severe impact and ease of exploitation.

The problem impacts the open-source gemini-mcp-tool, a tool for integrating Gemini models with Model Context Protocol (MCP) services, according to a recent advisory from Trend Micro's Zero Day Initiative (ZDI). Overview of Vulnerabilities The advisory lists the product and vendor as Gemini MCP Tool or gemini-mcp-tool. The execAsync method's incorrect handling of user-supplied input lies at the heart of the vulnerability. This function does not properly validate or sanitize input before passing it into a system call.

This command injection vulnerability allows a remote attacker to run arbitrary code on the underlying system using the service account's privileges. Field Details CVE ID CVE-2026-0755 0 Day Name execAsync Command Injection RCE Vulnerability gemini-mcp-tool CVSS v3.1 Score 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) Gemini-mcp-tool is the affected product. Effects Unauthorized remote execution of arbitrary code Internet-exposed or shared environments are especially vulnerable because the attack vector is network-based and doesn't require any prior authentication or user interaction.

On July 25, 2025, a third-party platform reported the vulnerability to the vendor. After requesting updates in November 2025, ZDI notified the vendor on December 14, 2025, that it intended to publish the case as a zero-day advisory if there was insufficient response.

On January 9, 2026, a coordinated public disclosure and advisory update took place. There was no official patch or update available at the time of publication. There are therefore few options for mitigation.

By making sure the Gemini MCP Tool is not directly connected to the internet and restricting interaction to trusted networks and users, ZDI advises severely limiting access to the tool. Additionally, administrators should keep an eye out for unusual outgoing connections and suspicious process execution on systems running gemini-mcp-tool, as these could be signs of successful exploitation. X, LinkedIn, and X for daily updates on cybersecurity. To have your stories featured, get in touch with us.