Description
A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 (2026-01-19). The affected Streamlit-based GitHub MCP Agent stores user-supplied API tokens in process-wide environment variables using os.environ without proper session isolation. Because Streamlit serves multiple concurrent users from a single Python process, credentials provided by one user remain accessible to subsequent unauthenticated users. An attacker can exploit this issue to retrieve sensitive information such as GitHub Personal Access Tokens or LLM API keys, potentially leading to unauthorized access to private resources and financial abuse.
Published: 2026-03-30
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: API token disclosure
Action: Update
AI Analysis

Impact

The Awesome‑LLM‑Apps application stores user‑supplied API tokens in process‑wide environment variables using os.environ, lacking session isolation. Because the Streamlit framework serves multiple concurrent users from a single Python process, credentials supplied by one user remain accessible to subsequent, unauthenticated users, creating a vulnerability that can leak sensitive information such as GitHub Personal Access Tokens or LLM API keys. This breach of confidentiality is classified under CWE‑200, CWE‑284, and CWE‑522, potentially allowing attackers to access private resources or incur unauthorized charges.

Affected Systems

This issue affects the Awesome‑LLM‑Apps project, specifically the release built from commit e46690f99c3f08be80a9877fab52acacf7ab8251 released on 2026‑01‑19. The product is a Streamlit‑based GitHub MCP Agent designed for use by multiple concurrent users.

Risk and Exploitability

The vulnerability has a high CVSS score of 8.2, but its EPSS score is below 1 %, indicating a low to moderate probability of exploitation at present. It is not listed in CISA's KEV catalog. Likely attack vectors involve remote interaction with the Streamlit web interface, where an attacker can submit a session that sets an environment variable or retrieve a token stored from a previous session. Successful exploitation would grant unauthorized access to the victim’s private repositories or LLM services.

Generated by OpenCVE AI on April 6, 2026 at 19:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Inspect the application code to confirm that API tokens are stored in os.environ.
  • Refactor the code so that tokens are stored in per‑session storage such as Streamlit session_state instead of a process‑wide environment variable.
  • Restrict exposure of environment variables through the web interface so that only authorized users can query them.
  • Implement authentication or network segmentation so that only trusted users can access the application.
  • Regularly audit token handling and rotate credentials to minimize potential leakage.

Generated by OpenCVE AI on April 6, 2026 at 19:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Title Cross‑Session Information Disclosure of API Tokens in Awesome‑LLM‑Apps

Mon, 06 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Theunwindai
Theunwindai awesome Llm Apps
CPEs cpe:2.3:a:theunwindai:awesome_llm_apps:2026-01-19:*:*:*:*:*:*:*
Vendors & Products Theunwindai
Theunwindai awesome Llm Apps

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Shubhamsaboo
Shubhamsaboo awesome-llm-apps
Vendors & Products Shubhamsaboo
Shubhamsaboo awesome-llm-apps

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
Title Cross‑Session Information Disclosure of API Tokens in Awesome‑LLM‑Apps

Mon, 30 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
CWE-284
CWE-522
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 30 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
Description A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 (2026-01-19). The affected Streamlit-based GitHub MCP Agent stores user-supplied API tokens in process-wide environment variables using os.environ without proper session isolation. Because Streamlit serves multiple concurrent users from a single Python process, credentials provided by one user remain accessible to subsequent unauthenticated users. An attacker can exploit this issue to retrieve sensitive information such as GitHub Personal Access Tokens or LLM API keys, potentially leading to unauthorized access to private resources and financial abuse.
References

Subscriptions

Shubhamsaboo Awesome-llm-apps
Theunwindai Awesome Llm Apps
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-30T18:15:13.246Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-29872

cve-icon Vulnrichment

Updated: 2026-03-30T18:12:21.520Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-30T18:16:18.523

Modified: 2026-04-06T16:00:39.033

Link: CVE-2026-29872

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-07T08:08:42Z

Weaknesses