Particle.news

Download on the App Store

Google Fixes Gemini CLI Vulnerability That Enabled Stealth Data Exfiltration

It introduces clear warnings for data-transfer commands to block hidden prompt-injection attacks that could exfiltrate developer data.

A Google logo in the background, with a phone displaying "Gemini" on the screen.
Image
Image

Overview

  • Version 0.1.14, released July 25, flags and warns users before executing data-transfer commands and closes semicolon-based bypasses.
  • Tracebit researchers uncovered the flaw on June 27, finding that Gemini CLI lacked proper validation of context files like README.md and GEMINI.md.
  • Attackers could embed semicolon-separated payloads in allow-listed commands to run unauthorized scripts and quietly exfiltrate environment variables.
  • Malicious instructions could be concealed through whitespace manipulation in AI output, leaving developers unaware of hidden code execution.
  • Testing shows OpenAI Codex and Anthropic Claude remain immune to this exploit thanks to more robust allow-list mechanisms.