Gemini CLI flaw exposed hidden commands to hackers - ShiftDelete.Net Global

ShiftDelete.net
FOLLOW US

Gemini CLI flaw exposed hidden commands to hackers

Gemini CLI flaw lets hackers slip in hidden commands. Update to version 0.1.14 and use sandboxing to keep projects secure.

Gemini-CLI-1

A flaw in Gemini CLI left developers at risk of silent attacks. Hackers could trick the tool into running hidden instructions, leaking credentials, or carrying out destructive tasks without asking for approval. The issue shines a light on how fragile AI-assisted coding tools can be when security checks fail.

Gemini CLI whitelist system fell short

Gemini-CLI-2

Researchers at Tracebit discovered that the way the tool handled command approvals was flawed. Developers believed they were giving access to harmless functions, but attackers could disguise dangerous activity under the same name. This allowed malicious actions to slip through as if they had already been approved.

Gemini AI has arrived on smartwatches

Gemini AI has arrived on smartwatches

Gemini technology has officially launched for Wear OS smartwatches. The AI comes with significant features.

The patch arrives to fix the weakness

Google released version 0.1.14 to correct the problem. Now, suspicious actions appear openly and require direct confirmation before running. Developers who ignore sandboxing are shown clear red warnings in every session. Extra safeguards are available through container systems like Docker, Podman, and Apple’s Seatbelt, which isolate risky activity.

How attackers twisted Gemini CLI

Tracebit showed how attackers could chain the flaw into a two-step attack. First, they persuaded a user to approve a command that looked safe. Next, they buried harmful instructions inside files that the tool would later process. Since Gemini CLI reads everything in those files, the hidden commands are fired without the user realizing. That could expose secrets or hand attackers a way into the system.

Risks remain without an update

Developers who haven’t upgraded are still vulnerable. Anyone running projects from unknown sources without isolation could end up with stolen data or broken systems. The attack takes effort to pull off, but the risk is serious enough that updating should not be delayed.

What developers should do now

Key steps to stay protected include:

  • Install Gemini CLI v0.1.14 or newer
  • Run sessions inside Docker, Podman, or macOS Seatbelt
  • Avoid untrusted codebases unless isolated
  • Watch logs for unusual behavior

Gemini CLI shifts to safer defaults

The patched release changes how the tool handles commands. Hidden operations are now exposed, risky ones trigger prompts, and attackers lose the cover they once had. With the fix in place, developers regain control. Silent flaws cut deepest when ignored, but this one doesn’t have to.

CLI
Gemini
Gemini CLI

SDN Comments 0 Comments

Comment

Related News

Galaxy-Note-20-1
Galaxy Note 20 Support Ends, Closing the Chapter on Samsung’s Iconic Series
BMW is coming with a new fuel system
BMW is coming with a new fuel system
Voyager-ai-1
Tencent’s Voyager AI Turns Photos Into 3D-Style Video Worlds
Galaxy-Tab-S11-1
Galaxy Tab S11 Series Hands-On: More AI, Sharper Design, iPad in Sight

SDN Network

Sihirli Elma Yeşil Robot Tech Inside Pembe Teknoloji Future Flow Life

SDN.net

1250 BORREGAS AVENUE, #40, SUNNYVALE, CA
94089 ShiftDelete.Net LLC

info@shiftdelete.net

Shiftdelete.Net is a member of the Association of Internet Media and IT Reporters.

Desteklio