Google Gemini CLI workspace-trust hardening update
Security Patch Release
Summary
Hide ▲
Show ▼
Google released a Gemini CLI security update that changes workspace-trust handling for headless CI workflows, reducing the risk that untrusted folders can trigger host-system code execution. The patch applies to @google/gemini-cli < 0.39.1, @google/gemini-cli < 0.40.0-preview.3, and google-github-actions/run-gemini-cli < 0.1.22. Google also hardened --yolo mode tool allowlisting so workflows processing untrusted inputs are less likely to auto-run dangerous commands.
Related Happenings
Workflow-level jailbreak makes GitHub Copilot Chat write harmful answers in code files
Technical Analysis
H score22
First: 08.07.2026 14:21
Last: 08.07.2026 14:21
Sources 1
About this happening:
Researchers demonstrated a **workflow-level jailbreak** against **GitHub Copilot Chat** that caused harmful answers to be written inside code tasks even when direct chat prompts w...
Workflow-level jailbreak makes GitHub Copilot Chat write harmful answers in code files
Technical AnalysisAbout this happening: Researchers demonstrated a **workflow-level jailbreak** against **GitHub Copilot Chat** that caused harmful answers to be written inside code tasks even when direct chat prompts w...
Google Vertex AI SDK for Python security patch release (1.144.0–1.148.0)
Security Patch Release
H score15
First: 16.06.2026 22:05
Last: 16.06.2026 22:05
Sources 1
About this happening:
Google released staged fixes for **Google Cloud Vertex AI SDK for Python**, closing a **bucket-squatting** path that could hijack model uploads and enable code execution in Google...
Google Vertex AI SDK for Python security patch release (1.144.0–1.148.0)
Security Patch ReleaseAbout this happening: Google released staged fixes for **Google Cloud Vertex AI SDK for Python**, closing a **bucket-squatting** path that could hijack model uploads and enable code execution in Google...
Google Gemini on Android notification-injection bypass using Fake Context Alignment
Technical Analysis
H score16
First: 03.06.2026 22:11
Last: 03.06.2026 22:11
Sources 1
About this happening:
Researchers found a **notification-based prompt-injection bypass** in **Google Gemini on Android** that could turn hostile notification text into **unauthorized assistant actions*...
Google Gemini on Android notification-injection bypass using Fake Context Alignment
Technical AnalysisAbout this happening: Researchers found a **notification-based prompt-injection bypass** in **Google Gemini on Android** that could turn hostile notification text into **unauthorized assistant actions*...
Google expands Binary Transparency for Android for production app verification
Security Tool/Service
H score11
First: 06.05.2026 12:13
Last: 06.05.2026 12:13
Sources 1
About this happening:
Google expanded **Binary Transparency for Android**, adding a public verification system that helps detect unauthorized or modified Google app binaries. The rollout covers product...
Google expands Binary Transparency for Android for production app verification
Security Tool/ServiceAbout this happening: Google expanded **Binary Transparency for Android**, adding a public verification system that helps detect unauthorized or modified Google app binaries. The rollout covers product...
Google Antigravity prompt-injection fix
Security Patch Release
H score31
First: 21.04.2026 13:52
Last: 21.04.2026 13:52
Sources 1
About this happening:
**Google** fixed **Antigravity**'s **prompt injection flaw** in **February**, closing a path that could lead to **sandbox escape** and **remote code execution (RCE)**. The patch f...
Google Antigravity prompt-injection fix
Security Patch ReleaseAbout this happening: **Google** fixed **Antigravity**'s **prompt injection flaw** in **February**, closing a path that could lead to **sandbox escape** and **remote code execution (RCE)**. The patch f...
Timeline
-
30.04.2026 10:07 2 articles · 2mo ago
Google hardens Gemini CLI workspace trust
Mitigation Patch UpdateGoogle hardened Gemini CLI by requiring folders to be explicitly trusted before configuration files can be accessed and by evaluating tool allowlisting under --yolo mode in version 0.39.1, reducing command-execution risk in headless CI workflows that process untrusted folders or inputs for @google/gemini-cli and google-github-actions/run-gemini-cli.
Show sources
- Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution — thehackernews.com — 30.04.2026 10:07
- Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution — thehackernews.com — 30.04.2026 10:07