{"data":{"id":"6f728eb9-c118-41b8-adcf-d65ac065264b","title":"GHSA-5v57-8rxj-3p2r: python-utcp: Full Process Environment Exposed to CLI Subprocess - Secrets Leakage via Command Injection","summary":"A vulnerability in the python-utcp library exposed all environment variables (including secrets like API keys and database passwords) to subprocesses because the `_prepare_environment()` function copied the entire host environment. When combined with a command injection flaw (CWE-78, where an attacker can sneak malicious commands into tool arguments), an attacker could steal sensitive credentials like AWS keys, database connection strings, and LLM API keys in a single tool call.","solution":"Upgrade to utcp-cli version 1.1.2 or later. The patch changes `_prepare_environment()` to use a controlled allowlist of environment variables instead of copying everything. Users can configure which variables are inherited via a new `CliCallTemplate.inherit_env_vars` field: set it to `null` (default, uses a safe OS-specific allowlist like PATH and HOME), `[]` (strict mode, nothing inherited), or specify exact variable names like `[\"FOO\", \"BAR\"]`.\nSensitive variables like `OPENAI_API_KEY` no longer reach subprocesses unless explicitly allowed.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-5v57-8rxj-3p2r","publishedAt":"2026-05-14T20:56:07.000Z","cveId":"CVE-2026-45370","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["supply_chain","pii_leakage"],"issueType":"vulnerability","affectedPackages":["utcp-cli@<= 1.1.1 (fixed: 1.1.2)"],"affectedVendors":["OpenAI","Anthropic"],"affectedVendorsRaw":["python-utcp","utcp-cli","OpenAI","Anthropic","AWS","Azure"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-05-14T20:56:07.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}