CVE-2026-45370

High

Published: 14 May 2026

Published

14 May 2026

Modified

14 May 2026

KEV Added

—

Patch

—

CVSS Score 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS Score N/A

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-45370 is a high-severity Cleartext Storage of Sensitive Information in an Environment Variable (CWE-526) vulnerability. Its CVSS base score is 7.7 (High).

Operationally, it is not currently listed in the CISA KEV catalog.

NVD Description

python-utcp is the python implementation of UTCP. Prior to 1.1.3, _prepare_environment() in cli_communication_protocol.py passes a full copy of os.environ to every CLI subprocess. When combined with CVE-2026-45369, an attacker can exfiltrate all process-level secrets in a single tool call. This…

vulnerability is fixed in 1.1.3.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s): CWE-526

References

https://github.com/universal-tool-calling-protocol/python-utcp/security/advisories/GHSA-5v57-8rxj-3p2r
security-advisories@github.com