Description
python-utcp is the python implementation of UTCP. Prior to 1.1.3, the _substitute_utcp_args method in cli_communication_protocol.py inserts user-controlled tool_args values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c (Unix) or powershell.exe -Command (Windows), allowing an attacker to inject arbitrary shell commands. This vulnerability is fixed in 1.1.3.
Published: 2026-05-14
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in python-utcp causes user-supplied tool_args to be concatenated directly into shell command strings that are later executed via /bin/bash or powershell.exe. This unsanitized insertion permits an attacker to inject arbitrary shell commands, effectively gaining remote command execution on the host where the protocol runs. The weakness is classified as CWE-78, reflecting command injection vulnerabilities. The CVSS score of 8.3 indicates a high severity risk when exploitable.

Affected Systems

The vulnerability exists in the universal-tool-calling-protocol python-utcp package for all releases older than 1.1.3. The fix was introduced in version 1.1.3, removing the unsafe argument substitution mechanism.

Risk and Exploitability

With a CVSS rating of 8.3, the risk is high, but no EPSS data is currently available, and the flaw is not listed in CISA’s KEV catalog. Attackers must be able to influence the tool_args parameter, which is typically exposed to users of the CLI protocol. When an attacker can control that input, they can execute arbitrary commands in the environment where python-utcp runs, potentially compromising confidentiality, integrity, and availability of the system.

Generated by OpenCVE AI on May 14, 2026 at 21:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to python-utcp version 1.1.3 or later to eliminate the unsafe argument substitution logic.
  • Identify all systems running python-utcp and isolate those using versions older than 1.1.3.
  • Implement least‑privilege execution for the protocol or restrict its network exposure while the update is deployed.
  • Continuously monitor system logs for signs of command‑execution attempts to detect exploitation.

Generated by OpenCVE AI on May 14, 2026 at 21:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-33p6-5jxp-p3x4 utcp-cli Vulnerable to Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol
History

Sun, 17 May 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Universal-tool-calling-protocol
Universal-tool-calling-protocol python-utcp
Vendors & Products Universal-tool-calling-protocol
Universal-tool-calling-protocol python-utcp

Sat, 16 May 2026 01:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 14 May 2026 20:45:00 +0000

Type Values Removed Values Added
Description python-utcp is the python implementation of UTCP. Prior to 1.1.3, the _substitute_utcp_args method in cli_communication_protocol.py inserts user-controlled tool_args values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c (Unix) or powershell.exe -Command (Windows), allowing an attacker to inject arbitrary shell commands. This vulnerability is fixed in 1.1.3.
Title python-utcp: Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}

Subscriptions

Universal-tool-calling-protocol Python-utcp
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-16T01:00:25.585Z

Reserved: 2026-05-12T00:51:29.085Z

Link: CVE-2026-45369

cve-icon Vulnrichment

Updated: 2026-05-16T01:00:20.385Z

cve-icon NVD

Status : Deferred

Published: 2026-05-14T21:16:48.220

Modified: 2026-05-16T01:16:17.233

Link: CVE-2026-45369

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-17T17:01:57Z

Weaknesses
  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')