CVE-2026-45370 PUBLISHED

python-utcp: Full Process Environment Exposed to CLI Subprocess - Secrets Leakage via Command Injection

Assigner: GitHub_M
Reserved: 12.05.2026 Published: 14.05.2026 Updated: 14.05.2026

python-utcp is the python implementation of UTCP. Prior to 1.1.3, _prepare_environment() in cli_communication_protocol.py passes a full copy of os.environ to every CLI subprocess. When combined with CVE-2026-45369, an attacker can exfiltrate all process-level secrets in a single tool call. This vulnerability is fixed in 1.1.3.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVSS Score: 7.7

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	universal-tool-calling-protocol
Product	python-utcp
Versions	Version < 1.1.2 is affected

References

https://github.com/universal-tool-calling-protocol/python-utcp/security/advisories/GHSA-5v57-8rxj-3p2r

Problem Types

CWE-526: Cleartext Storage of Sensitive Information in an Environment Variable CWE