CVE-2026-45370: Environment Variable Leak in python-utcp CLI Subprocesses

DEV Community·CVE Reports·18 days ago

Vulnerability ID: CVE-2026-45370
CVSS Score: 7.7
Published: 2026-05-14

The python-utcp library improperly exposes the host application's full environment variables to spawned subprocesses via os.environ.copy(). When combined with an existing command injection flaw, attackers can exfiltrate all host secrets in a single request.

TL;DR

python-utcp prior to version 1.1.3 improperly exposes process-level environment variables to CLI subprocesses, enabling secret exfiltration when chained with command injection vulnerabilities.…
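Added example (not code from python-utcp or from the original report): a Python sketch of the inheritance pattern the summary describes, next to a child environment built from an allowlist. SAFE_VARS, minimal_env, visible_vars, TOOL_MODE and DEMO_API_SECRET are hypothetical names chosen for illustration, and the secret value is constructed.

```python
import json
import os
import subprocess
import sys

# Hypothetical allowlist: variables a CLI tool typically needs to start.
SAFE_VARS = ("PATH", "HOME", "LANG", "LC_ALL", "TMPDIR", "SYSTEMROOT")

# Child process that reports the names of the variables it can see.
CHILD = [sys.executable, "-c",
         "import os, json; print(json.dumps(sorted(os.environ)))"]


def minimal_env(extra=None, base=None):
    """Build a child environment from an allowlist plus explicit extras."""
    base = os.environ if base is None else base
    env = {k: base[k] for k in SAFE_VARS if k in base}
    env.update(extra or {})
    return env


def visible_vars(env):
    """Run the child with the given environment and return the names it sees."""
    out = subprocess.run(CHILD, env=env, capture_output=True,
                         text=True, check=True)
    return set(json.loads(out.stdout))


def demo():
    # Constructed secret standing in for a host credential.
    host = dict(os.environ, DEMO_API_SECRET="constructed-value")
    # Pattern described in the advisory: the child gets a full copy.
    leaky = visible_vars(host.copy())
    # Scoped alternative: allowlist plus only what the tool is meant to get.
    scoped = visible_vars(minimal_env({"TOOL_MODE": "cli"}, base=host))
    return "DEMO_API_SECRET" in leaky, "DEMO_API_SECRET" in scoped


if __name__ == "__main__":
    print(demo())  # (True, False)
```

With a scoped environment, a command injection in the child can still run code, but it no longer finds the host's credentials in its own process environment.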
