Security News

Cybersecurity news aggregator

HIGH Updates SC Media

Google: Addressing max severity Gemini CLI bug may require further action

A maximum severity vulnerability in Google's Gemini CLI tool stems from faulty workspace folder trust handling in its headless mode. The flaw is addressed in Gemini CLI versions 0.39.1 and 0.40.0-preview.3; however, organizations using the `run-gemini-cli` GitHub Action or workflows dependent on the older automatic trust behavior or `--yolo` mode may need to manually update their tool allowlists to prevent CI/CD pipeline failures.

AI/ML, Vulnerability Management, Patch/Configuration Management

May 1, 2026. By SC Staff.

Despite already issuing fixes for a maximum severity vulnerability in its Gemini CLI tool, Google has warned that organizations using the command-line AI tool through GitHub Actions, or in headless mode, may have to take additional action to avoid breaking their CI/CD workflows, The Register reports.

The flaw, which was discovered independently by Novee researcher Elad Meged and Pillar Security's Dan Lisichkin, stems from faulty workspace folder trust handling in Gemini CLI's headless mode, according to Google.

Google said that while Gemini CLI versions 0.39.1 and 0.40.0-preview.3 already address the issue, the `run-gemini-cli` GitHub Action defaults to the latest release, which may prevent the loading of GitHub Actions and other automated pipelines that depend on the older automatic trust behavior. Workflows reliant on Gemini CLI's `--yolo` mode may also be impacted by the update.

"In version 0.39.1, the Gemini CLI policy engine now evaluates tool allowlisting under --yolo mode. As a result, some workflows that previously depended on this behavior may fail silently unless tool allowlists are modified to fit the task," Google added.