CVE-2026-44661

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the utcp-http plugin is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registermanual validates the discovery URL against an HTTPS /...

MAL-2026-3743 Malicious code in sol-batch-transfer-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dab4fb850a1ce0b83f1e7f74ce0281ca8309031037355f9a247dbd0a715eab4d The code silently adds a hardcoded address to the list of transfer recipients. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2026-45665 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2026-45665 Source advisory: SNYK:PYTHON-OPENWEBUI-16725483...

openwebui-token-tracking (>=0.1.7 <=0.1.10), sillikalm (>=0.1.0 <=0.1.5) potentially affected by CVE-2026-45396 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-45396 Source advisory: OSV:GHSA-RJMP-VJF2-QF4G...

CVE-2026-45369 python-utcp: Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the substituteutcpargs method in clicommunicationprotocol.py inserts user-controlled toolargs values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c Unix o...

CVE-2026-45369

Summary: CVE-2026-45369 affects python-utcp prior to 1.1.3, where _substitute_utcp_args in cli_communication_protocol.py injects user-controlled tool_args directly into shell commands without sanitization, leading to potential Remote Code Execution when commands are run via /bin/bash -c (Unix) or...

CVE-2026-45369 python-utcp: Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the substituteutcpargs method in clicommunicationprotocol.py inserts user-controlled toolargs values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c Unix o...

CVE-2026-45369

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the substituteutcpargs method in clicommunicationprotocol.py inserts user-controlled toolargs values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c Unix o...

CVE-2026-45370 python-utcp: Full Process Environment Exposed to CLI Subprocess - Secrets Leakage via Command Injection

python-utcp is the python implementation of UTCP. Prior to 1.1.3, prepareenvironment in clicommunicationprotocol.py passes a full copy of os.environ to every CLI subprocess. When combined with CVE-2026-45369, an attacker can exfiltrate all process-level secrets in a single tool call. This...

CVE-2026-45370 python-utcp: Full Process Environment Exposed to CLI Subprocess - Secrets Leakage via Command Injection

python-utcp is the python implementation of UTCP. Prior to 1.1.3, prepareenvironment in clicommunicationprotocol.py passes a full copy of os.environ to every CLI subprocess. When combined with CVE-2026-45369, an attacker can exfiltrate all process-level secrets in a single tool call. This...

CVE-2026-45370

CVE-2026-45370 affects the python-utcp project. The vulnerability resides in _prepare_environment() in cli_communication_protocol.py, which before version 1.1.3 passes a full copy of os.environ to every CLI subprocess. When combined with CVE-2026-45369, this can allow an attacker to exfiltrate al...

CVE-2026-44661

CVE-2026-44661 affects python-utcp (utcp-http plugin) prior to v1.1.3. The vulnerability arises because register_manual() validates discovery URLs against an HTTPS/loopback allowlist, while call_tool()/call_tool_streaming() reuse tool_call_template.url without revalidation and the OpenAPI convert...

CVE-2026-44661 python-utcp: SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the utcp-http plugin is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registermanual validates the discovery URL against an HTTPS /...

EUVD-2026-30479

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the utcp-http plugin is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registermanual validates the discovery URL against an HTTPS /...

CVE-2026-45227

Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted...

CVE-2026-8596 Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path

Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...

CVE-2026-8596 Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path

Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...

MAL-2026-3773 Malicious code in sysbin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ab8ea4ce073a93a1973a062ac7661ceeaea9c312f9fd67e9acda9936e2b6578 Package metadata advertises sysbin as a 'System binary configuration tool' but the tarball ships pointer.py, a stealth overlay that runs automaticall...

MAL-2026-3760 Malicious code in ethers-abstract-signer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e17d355d974f842bc8db3219ce3f1dc6e643f2a5e1ba8dd0b38a404a8f96e9a8 On npm install, the package's postinstall hook spawns a Node one-liner that uses childprocess.exec to curl/wget...

Malicious code in ethers-signing-key (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6735be7311be4f6b4f609762cfb77504fe141bc9d8d5b5c0a75d521119aa2fa The package's npm postinstall hook executes a one-liner that uses childprocess.exec to curl/wget an unpinned Python script from a personal user's...