Question 1

What is CVE-2026-12537 — CVE-2026-12537?

Accepted Answer

Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI (versions prior to 0.39.1) and run-gemini-cli GitHub Action (versions prior to 0.1.22) on headless CI platforms allows an unprivileged attacker to achieve pre-sandbox host-level code execution a maliciously…

Question 2

What is the authoritative source for CVE-2026-12537?

Accepted Answer

CVE-2026-12537 (CVE-2026-12537) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

CVE-2026-12537CVE-2026-12537

Description

Scoring