CVE ID: CVE-2026-45369
Published: May 14, 2026, 9:16 p.m. | 3 hours, 8 minutes ago
Description: python-utcp is the Python implementation of UTCP. Prior to 1.1.3, the _substitute_utcp_args method in cli_communication_protocol.py inserts user-controlled tool_args values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c (Unix) or powershell.exe -Command (Windows), allowing an attacker to inject arbitrary shell commands. This vulnerability is fixed in 1.1.3.
Severity: 8.3 | HIGH
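The substitution flaw described above, next to two hardened forms, as an added example: this is not python-utcp's code or its 1.1.3 fix. The `{{name}}` placeholder syntax, the function names and the sample values are assumptions made for illustration.

```python
import re
import shlex

# Hypothetical placeholder syntax for this example: {{arg_name}}
PLACEHOLDER = re.compile(r"\{\{(\w+)\}\}")


def _fill(text, tool_args, transform=str):
    # A missing argument raises KeyError, so rendering fails closed.
    return PLACEHOLDER.sub(lambda m: transform(str(tool_args[m.group(1)])), text)


def substitute_unsafe(template, tool_args):
    """Vulnerable pattern: the raw value is pasted into the command string."""
    return _fill(template, tool_args)


def substitute_quoted(template, tool_args):
    """Each value becomes exactly one quoted word (placeholders must sit
    outside quotes in the template). shlex.quote targets POSIX shells only;
    it does not make a string safe for powershell.exe -Command."""
    return _fill(template, tool_args, shlex.quote)


def build_argv(template, tool_args):
    """Shell-free variant: split the trusted template into words first, then
    fill in values, so a value can never add words or operators. Pass the
    resulting list to subprocess.run(argv) without shell=True."""
    return [_fill(word, tool_args) for word in shlex.split(template)]


if __name__ == "__main__":
    template = "cat {{path}}"                        # constructed template
    hostile = {"path": "notes.txt; echo INJECTED"}   # constructed input
    print(substitute_unsafe(template, hostile))      # value spills past its word
    print(substitute_quoted(template, hostile))      # value stays one word
    print(build_argv(template, hostile))             # value stays one argv item
```

Where the command does not need shell features, the argv form is the stronger control because no shell parses the value at all.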
🤖 AI-Generated Patch Solution
Google Gemini (gemini-2.5-flash) • CVE: CVE-2026-45369
⚠️ Vulnerability Description:
1. IMMEDIATE ACTIONS
Prioritize all systems and applications that utilize the Universal Application Data Exchange (UADE) Protocol Library, especially those exposed to external networks or processing untrusted input.
If feasible and business-criticality allows, immediately isolate or temporarily disable services utilizing the UADE Protocol Library that are deemed high-risk. This may involve taking services offline or blocking network access at the host level.
💡 AI-generated — review with a security professional before acting.