{"vulnerability": "cve-2026-12537", "sightings": [{"uuid": "67dfe455-f005-46ba-9973-b07f0763cfc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12537", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp2ie25yct2k", "content": "CVE-2026-12537 - Unauthenticated Remote Code Execution in Gemini CLI CI/CD Workflows\nCVE ID : CVE-2026-12537\n \n Published : June 24, 2026, 1:37 p.m. | 3\u00a0hours, 33\u00a0minutes ago\n \n Description : Improper Neutralization used in an OS Command in the container launcher in Google Gem...", "creation_timestamp": "2026-06-24T17:55:17.558979Z"}, {"uuid": "21eca65d-fc0d-45a7-a735-2486bbb15e73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12537", "type": "seen", "source": "https://bsky.app/profile/securityonline.bsky.social/post/3mpfd3vdhxd2f", "content": "Gemini CLI Vulnerability Hits Maximum CVSS 10\u00a0Score\n\nA critical Gemini CLI vulnerability (CVE-2026-12537) exposes developer workflows to maximum severity attacks. Google disclosed this CVSS 10 rating flaw recently. TL;DR A critical Gemini CLI vulnerability allows OS command injection in continuous\u2026", "creation_timestamp": "2026-06-29T01:20:33.393042Z"}]}