logo

Google Gemini Live API Flaw Allows RCE via Unconstrained Ephemeral Tokens

ID: 1290cef5-f094-5083-9b1f-4a6d595bde2f

STIX ID: report--1290cef5-f094-5083-9b1f-4a6d595bde2f

Feed Name: GBHackers

Threat Score
75/100

Date Published: 2026-07-07

Date Updated: 2026-07-07

Author: Divya

...
...

A misconfiguration in Google Gemini Live API ephemeral tokens — specifically omission of live_connect_constraints when issuing browser-facing tokens — allows attackers to supply malicious WebSocket setup frames that enable arbitrary Python execution (RCE) within AI voice sessions. A researcher demonstrated a proof-of-concept that executed system calls in Google’s gVisor sandbox; while gVisor limits network persistence and lateral movement, unconstrained tokens can still permit session hijacking, arbitrary code execution, and resource abuse. The recommended mitigation is to enforce locked live_connect_constraints (model, system_instruction, and empty tools) at token generation to prevent client-side overrides.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.