GHSA-5v57-8rxj-3p2r: python-utcp: Full Process Environment Exposed to CLI Subprocess - Secrets Leakage via Command Injection
Summary
A vulnerability in the python-utcp library exposed all environment variables (including secrets like API keys and database passwords) to subprocesses because the `_prepare_environment()` function copied the entire host environment. When combined with a command injection flaw (CWE-78, where an attacker can sneak malicious commands into tool arguments), an attacker could steal sensitive credentials like AWS keys, database connection strings, and LLM API keys in a single tool call.
Solution / Mitigation
Upgrade to utcp-cli version 1.1.2 or later. The patch changes `_prepare_environment()` to use a controlled allowlist of environment variables instead of copying everything. Users can configure which variables are inherited via a new `CliCallTemplate.inherit_env_vars` field: set it to `null` (default, uses a safe OS-specific allowlist like PATH and HOME), `[]` (strict mode, nothing inherited), or specify exact variable names like `["FOO", "BAR"]`. Sensitive variables like `OPENAI_API_KEY` no longer reach subprocesses unless explicitly allowed.
Vulnerability Details
EPSS: 0.0%
Yes
May 14, 2026
Classification
Affected Vendors
Affected Packages
Related Issues
Original source: https://github.com/advisories/GHSA-5v57-8rxj-3p2r
First tracked: May 14, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 92%