CNNVD-202601-4190 Information

CNNVD ID

CNNVD-202601-4190

Related CVE

CVE-2026-0755

• CNNVD Published: 2026-01-23

Description (Chinese)

Google Gemini MCP Tool是美国谷歌（Google）公司的一个基于大模型上下文协议的工具组件。 Google Gemini MCP Tool 存在操作系统命令注入漏洞，该漏洞源于execAsync方法未验证用户输入即执行系统调用，可能导致远程命令执行。

Description (English)

Google Gemini MCP Tool is a tool component of Google based on big model context protocols. Google Gemini MCP Tool has an operational system command leak that originates from an execAsync method to execute the system call without verifying user input, which may result in remote command execution.

Hazard Level

Low

Vulnerability Type

操作系统命令注入

Affected Vendor

谷歌

Published

2026-01-23

Last Modified

2026-02-24

References

https://www.zerodayinitiative.com/advisories/ZDI-26-021/