GHSA-wpqr-6v78-jr5g: Gemini CLI: Remote Code Execution via workspace trust and tool allowlisting bypasses

April 24, 2026

Gemini CLI (@google/gemini-cli) and the run-gemini-cli GitHub Action are being updated to harden workspace trust and tool allowlisting, in particular when used in untrusted environments like GitHub Actions. This update introduces a breaking change to how non-interactive (headless) environments handle folder trust, which may impact existing CI/CD workflows under specific conditions.

References

github.com/advisories/GHSA-wpqr-6v78-jr5g
github.com/google-github-actions/run-gemini-cli
github.com/google-github-actions/run-gemini-cli/security/advisories/GHSA-wpqr-6v78-jr5g

Code Behaviors & Features

Detect and mitigate GHSA-wpqr-6v78-jr5g with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →