A critical zero‑day vulnerability in Gemini MCP Tool exposes users to remote code execution (RCE) attacks without any authentication.

Tracked as ZDI‑26‑021 / ZDI‑CAN‑27783 and assigned CVE‑2026‑0755, the flaw carries a maximum CVSS v3.1 score of 9.8, reflecting its ease of exploitation and severe impact.

news

A critical zero‑day vulnerability in Gemini MCP Tool exposes users to remote code execution (RCE) attacks without any authentication.

Tracked as ZDI‑26‑021 / ZDI‑CAN‑27783 and assigned CVE‑2026‑0755, the flaw carries a maximum CVSS v3.1 score of 9.8, reflecting its ease of exploitation and severe impact.