https://vulnerability.circl.lu/sightings/feed 2026-06-01T20:35:48.800734+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/f631397f-0b85-4c39-8466-9e9d8c48acca/export 2026-06-01T20:35:48.818208+00:00 Joseph Lee https://vulnerability.circl.lu/user/syspect {"uuid": "f631397f-0b85-4c39-8466-9e9d8c48acca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-45370", "type": "published-proof-of-concept", "source": "https://github.com/universal-tool-calling-protocol/python-utcp/security/advisories/GHSA-5v57-8rxj-3p2r", "content": "", "creation_timestamp": "2026-05-10T11:59:33.000000Z"} 2026-05-10T11:59:33+00:00 https://vulnerability.circl.lu/sighting/0d27db74-89f5-4eda-a49f-5dbc81a55910/export 2026-06-01T20:35:48.818120+00:00 Joseph Lee https://vulnerability.circl.lu/user/syspect {"uuid": "0d27db74-89f5-4eda-a49f-5dbc81a55910", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-45371", "type": "published-proof-of-concept", "source": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-gmmv-4cc5-wr9r", "content": "", "creation_timestamp": "2026-05-10T12:05:37.000000Z"} 2026-05-10T12:05:37+00:00 https://vulnerability.circl.lu/sighting/d8dc32f3-6d17-4e1f-aec3-adb62436cc5d/export 2026-06-01T20:35:48.817282+00:00 Joseph Lee https://vulnerability.circl.lu/user/syspect {"uuid": "d8dc32f3-6d17-4e1f-aec3-adb62436cc5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-45375", "type": "published-proof-of-concept", "source": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-27qc-m5gf-jv5r", "content": "", "creation_timestamp": "2026-05-10T15:32:12.000000Z"} 2026-05-10T15:32:12+00:00 https://vulnerability.circl.lu/sighting/9def1623-ef9c-4bfd-bd38-e99bceab0ab1/export 2026-06-01T20:35:48.817176+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "9def1623-ef9c-4bfd-bd38-e99bceab0ab1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45370", "type": "seen", "source": "https://gist.github.com/alon710/b6fd947590993b5b0ed338c431321ca8", "content": "# CVE-2026-45370: CVE-2026-45370: Environment Variable Leak in python-utcp CLI Subprocesses\n\n> **CVSS Score:** 7.7\n> **Published:** 2026-05-14\n> **Full Report:** https://cvereports.com/reports/CVE-2026-45370\n\n## Summary\nThe python-utcp library improperly exposes the host application's full environment variables to spawned subprocesses via os.environ.copy(). When combined with an existing command injection flaw, attackers can exfiltrate all host secrets in a single request.\n\n## TL;DR\npython-utcp prior to version 1.1.3 improperly exposes process-level environment variables to CLI subprocesses, enabling secret exfiltration when chained with command injection vulnerabilities.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-526\n- **CVSS Score**: 7.7 (High)\n- **Attack Vector**: Network\n- **Impact**: High Confidentiality Loss\n- **Affected Component**: cli_communication_protocol.py\n- **Related CVE**: CVE-2026-45369\n\n## Affected Systems\n\n- python-utcp\n- Universal Tool Calling Protocol (UTCP) CLI applications\n- **python-utcp**: < 1.1.3 (Fixed in: `1.1.3`)\n\n## Mitigation\n\n- Upgrade the python-utcp library to version 1.1.3 or higher.\n- Override the _prepare_environment() function to return an explicit allowlist of environment variables.\n- Implement defense-in-depth by adopting short-lived, scoped credentials instead of permanent environment variables.\n- Monitor subprocess creation logs for suspicious shell commands or arguments.\n\n**Remediation Steps:**\n1. Identify all deployments utilizing the python-utcp package.\n2. Update requirements.txt or pipfile to mandate python-utcp >= 1.1.3.\n3. Restart the application to ensure the patched library is loaded into memory.\n4. If compromise is suspected, immediately rotate all secrets, API keys, and database credentials previously stored in the host environment.\n\n## References\n\n- [GitHub Advisory: GHSA-5v57-8rxj-3p2r](https://github.com/universal-tool-calling-protocol/python-utcp/security/advisories/GHSA-5v57-8rxj-3p2r)\n- [GitHub Advisory: GHSA-33p6-5jxp-p3x4](https://github.com/universal-tool-calling-protocol/python-utcp/security/advisories/GHSA-33p6-5jxp-p3x4)\n- [NVD Vulnerability Detail](https://nvd.nist.gov/vuln/detail/CVE-2026-45370)\n- [CVE.org Record](https://www.cve.org/CVERecord?id=CVE-2026-45370)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-45370) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-14T22:10:29.000000Z"} 2026-05-14T22:10:29+00:00 https://vulnerability.circl.lu/sighting/8a5fdf67-be87-4129-9c3d-45608acd09cb/export 2026-06-01T20:35:48.817061+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "8a5fdf67-be87-4129-9c3d-45608acd09cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45370", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlu6iie6jq2e", "content": "CVE-2026-45370 - python-utcp: Full Process Environment Exposed to CLI Subprocess - Secrets Leakage via Command Injection\nCVE ID : CVE-2026-45370\n \n Published : May 14, 2026, 9:16 p.m. | 2\u00a0hours, 17\u00a0minutes ago\n \n Description : python-utcp is the python implementation of UTCP. ...", "creation_timestamp": "2026-05-15T01:27:16.409884Z"} 2026-05-15T01:27:16.409884+00:00 https://vulnerability.circl.lu/sighting/10e04d71-b360-4903-adcc-d30731eea1d0/export 2026-06-01T20:35:48.816943+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "10e04d71-b360-4903-adcc-d30731eea1d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45374", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmwpiscdn52z", "content": "\ud83d\udd34 CVE-2026-45374 - Critical (9.6)\n\nCodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the task_create tool sp...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-45374/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-28T19:02:11.973546Z"} 2026-05-28T19:02:11.973546+00:00 https://vulnerability.circl.lu/sighting/1c83b31b-8fb8-4ce3-a4e6-d27b932aa581/export 2026-06-01T20:35:48.816826+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "1c83b31b-8fb8-4ce3-a4e6-d27b932aa581", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45374", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmwtrcv6dj2p", "content": "CVE-2026-45374 - CodeWhale: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files\nCVE ID : CVE-2026-45374\n \n Published : May 28, 2026, 6:16 p.m. | 54\u00a0minutes ago\n \n Description : CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26,...", "creation_timestamp": "2026-05-28T20:18:31.994327Z"} 2026-05-28T20:18:31.994327+00:00 https://vulnerability.circl.lu/sighting/eb7a4f76-656b-49d7-8573-a671e8f8562a/export 2026-06-01T20:35:48.816699+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "eb7a4f76-656b-49d7-8573-a671e8f8562a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45372", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmzgmyzox52g", "content": "\ud83d\udd34 CVE-2026-45372 - Critical (9.9)\n\ncpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-45372/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-29T21:01:28.509597Z"} 2026-05-29T21:01:28.509597+00:00 https://vulnerability.circl.lu/sighting/dca24acc-c0b7-421c-9399-e032b9647ef6/export 2026-06-01T20:35:48.816533+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "dca24acc-c0b7-421c-9399-e032b9647ef6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45372", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmziti3zcz2h", "content": "CVE-2026-45372 - cpp-httplib: HTTP header value percent-decoding in server-side `parse_header` enables CRLF injection\nCVE ID : CVE-2026-45372\n \n Published : May 29, 2026, 8:16 p.m. | 16\u00a0minutes ago\n \n Description : cpp-httplib is a C++11 single-file header-only cross platform ...", "creation_timestamp": "2026-05-29T21:40:55.535206Z"} 2026-05-29T21:40:55.535206+00:00 https://vulnerability.circl.lu/sighting/1b3b5e7f-0975-4ccd-a97d-2491d4e996ef/export 2026-06-01T20:35:48.814420+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "1b3b5e7f-0975-4ccd-a97d-2491d4e996ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45372", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116662972724180457", "content": "A lot of offensive activities were identified targeting yhirose cpp-httplib (CVE-2026-45372) https://vuldb.com/vuln/367381/cti", "creation_timestamp": "2026-05-30T10:08:12.626133Z"} 2026-05-30T10:08:12.626133+00:00