CVE-2026-0755
Published: 23 January 2026
Summary
CVE-2026-0755 is a critical-severity OS Command Injection (CWE-78) vulnerability in Zerodayinitiative (inferred from references). Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 12.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-6 (Least Privilege).
Deeper analysis
CVE-2026-0755 is a command injection vulnerability in gemini-mcp-tool that affects the execAsync method. The flaw stems from insufficient validation of user-supplied input before it is passed to a system call, enabling remote code execution. It carries a CVSS score of 9.8 and is tracked under CWE-78.
Unauthenticated remote attackers can exploit the issue over the network to run arbitrary code in the context of the service account. No user interaction or credentials are required, and successful exploitation grants full control over the affected installation.
The Zero Day Initiative published advisory ZDI-26-021 detailing the vulnerability.
EPSS for the CVE rose from a low baseline to a peak of 0.0127, indicating increased exploitation interest after disclosure.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-4492
Vulnerability details
gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of gemini-mcp-tool. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the execAsync…
more
method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-27783.
- CWE(s)
AI Security AnalysisAI
- AI Category
- AI Agent Protocols and Integrations
- Risk Domain
- Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: gemini, mcp
Related Threats
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires validation and sanitization of untrusted input before it is used in system calls, blocking the execAsync command-injection flaw.
Restricts the set of allowed system commands and functions, limiting the attack surface available to an unauthenticated remote attacker via the vulnerable method.
Limits privileges of the service account under which injected commands would execute, reducing the impact of successful exploitation.