The Gemini MCP Tool, a Model Context Protocol server used to drive interactions with Gemini models, has a critical zero-day vulnerability. On affected installations it lets an unauthenticated remote attacker execute arbitrary code. The flaw remains an active zero-day because the vendor has not released a patch.

The vulnerability, tracked as CVE-2026-0755, carries a CVSS score of 9.8 and is rated critical. The severity reflects that exploitation needs neither user interaction nor prior authentication: network access to the service is all an attacker requires to compromise the target system completely.

Technical Evaluation of the Flaw

The root cause lies in the Gemini MCP Tool's implementation of the execAsync method.

The function is meant to run commands asynchronously, but the user-supplied strings it receives are not sanitised. When the application handles a request that reaches this method, the input is passed straight into the command-execution call without validation. An attacker who embeds command separators or other shell syntax in that input therefore gets additional commands of their own choosing executed alongside the intended one.

Once processed, those commands run with the privileges of the account under which the tool's service runs. In effect the attacker gains control of the underlying operating system and can disrupt services, install malware or exfiltrate data.

The disclosure timeline shows a markedly slow vendor response. ZDI first sent the vulnerability report to the vendor on July 25, 2025.

Follow-up attempts in November produced no workable fix from the vendor.

In December ZDI therefore notified the vendor that the case would be published as a zero-day advisory on January 9, 2026. As of now there is no official patch for CVE-2026-0755. The primary mitigation is restricting network access to the Gemini MCP Tool.

Administrators should ensure the service is reachable only from trusted internal networks or over a VPN, and is never exposed to the public internet.

CVE ID: CVE-2026-0755
CVSS Score: 9.8 (Critical)
CVSS Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vendor: Gemini MCP Tool
Affected Product: gemini-mcp-tool
Vulnerability Type: Remote Code Execution (RCE)
Root Cause: Inadequate validation in the execAsync method

Organisations running the Gemini MCP Tool should isolate the program until a security update is available.

Security teams should also monitor traffic to the service for suspicious requests. Note that execAsync is an internal function and does not appear on the wire: what does appear is the MCP tool call (a JSON-RPC tools/call request) whose string arguments eventually reach it, so the useful signal is shell syntax such as command separators or substitutions inside those arguments. This only applies where the server is exposed over a network transport; an MCP server driven over stdio generates no network traffic to inspect. Monitoring is detection, not prevention, and does not replace network isolation.