github jamubc/gemini-mcp-tool v1.1.6
v1.1.6 — security patch (CVE-2026-0755)


🔒 Security release — upgrade immediately

All users on 1.1.2 – 1.1.5 should upgrade to 1.1.6.

CVE-2026-0755 (CWE-78) — OS command injection / @file exfiltration

Untrusted prompt input could reach the Gemini CLI @file parser, allowing an attacker to read and exfiltrate arbitrary local files (@/etc/passwd, @~/.ssh/id_rsa, @../../secret). On Windows, unquoted cmd.exe metacharacters could break out of the argument and into OS command injection.

Fix

  • Removed the broken shell:false double-quote wrapping that provided no protection and corrupted @file references.
  • Added assertSafeFileReferences() — rejects any @file reference resolving outside the project working directory (absolute paths, ~ home references, and ../ traversal).
  • Hardened Windows cmd.exe argument quoting so metacharacters in spaceless tokens can no longer break out.
Package:  gemini-mcp-tool (npm)
Affected: >= 1.1.2, < 1.1.6
Patched:  1.1.6
Severity: Critical (CVSS 9.8)

References

Fixes #73, #66.


Upgrade: npm install -g gemini-mcp-tool@1.1.6
