A significant security vulnerability in Google’s Gemini Live API has exposed applications to remote code execution (RCE) due to misconfigured ephemeral tokens. This flaw allows attackers to inject client-controlled setup frames and execute arbitrary code within AI voice sessions. The issue stems from the improper use of the “Constrained” WebSocket endpoint, particularly when developers neglect […]
The post Google Gemini Live API Flaw Allows RCE via Unconstrained Ephemeral Tokens appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
This article has been indexed from GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Read the original article: