CVE-2026-29872 · HIGH 8.2 · EPSS p16.4%

CVE-2026-29872

Description

A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 (2026-01-19). The affected Streamlit-based GitHub MCP Agent stores user-supplied API tokens in process-wide environment variables using os.environ without proper session isolation. Because Streamlit serves multiple concurrent users from a single Python process, credentials provided by one user remain accessible to subsequent unauthenticated users. An attacker can exploit this issue to retrieve sensitive information such as GitHub Personal Access Tokens or LLM API keys, potentially leading to unauthorized access to private resources and financial abuse.
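The pattern the description refers to, as an added illustration rather than the project's own code: a constructed stand-in for a single-process Streamlit app that copies a user-supplied token into os.environ (leaking it to the next session), the same flow with per-session storage (the role st.session_state plays), and a small AST check a reviewer can run over app source to flag writes into os.environ. Session ids, the sample token and the sample source are all constructed.

```python
import ast
import os

# Vulnerable pattern (constructed illustration): a user-supplied token is copied
# into os.environ. Streamlit serves every browser session from one Python
# process, so the variable is process-wide and outlives the session that set it.
def vulnerable_set_token(user_token):
    if user_token:
        os.environ["GITHUB_TOKEN"] = user_token
    return os.environ.get("GITHUB_TOKEN")  # a later session reads the old value

# Fixed pattern: keep the credential in per-session state (the role that
# st.session_state plays in Streamlit) and never touch the process environment.
SESSION_STATE = {}  # session_id -> {key: value}; constructed stand-in for st.session_state

def session_scoped_set_token(session_id, user_token):
    state = SESSION_STATE.setdefault(session_id, {})
    if user_token:
        state["GITHUB_TOKEN"] = user_token
    return state.get("GITHUB_TOKEN")

def demo_cross_session_leak():
    """Session A supplies a token, session B supplies none. Returns
    (A's view, B's view under the vulnerable code, B's view under the fix)."""
    os.environ.pop("GITHUB_TOKEN", None)                # start from a clean process
    a_vuln = vulnerable_set_token("ghp_constructed_A")  # constructed sample token
    b_vuln = vulnerable_set_token(None)                 # B never entered a token
    session_scoped_set_token("sess-A", "ghp_constructed_A")
    b_fixed = session_scoped_set_token("sess-B", None)
    return a_vuln, b_vuln, b_fixed

# Review-time check: report line numbers where app source writes into os.environ,
# so request-scoped secrets landing in process-wide state are caught early.
ENV_WRITE_CALLS = {"os.environ.setdefault", "os.environ.update", "os.putenv"}

def find_environ_writes(source):
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign):
            for target in node.targets:
                if isinstance(target, ast.Subscript) and ast.unparse(target.value) == "os.environ":
                    hits.append(node.lineno)
        elif isinstance(node, ast.Call) and ast.unparse(node.func) in ENV_WRITE_CALLS:
            hits.append(node.lineno)
    return sorted(hits)

# Constructed sample app source (not the project's code); the anti-pattern is on line 4.
SAMPLE_APP = '''import os, streamlit as st
token = st.text_input("GitHub token", type="password")
if token:
    os.environ["GITHUB_TOKEN"] = token
    st.session_state["github_token"] = token
'''
```

The check reports only the os.environ write on line 4; the st.session_state assignment on line 5 is session-scoped and is left alone.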

Scoring

CVSS 3.1: 8.2 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
EPSS: 0.25% probability of exploitation · percentile 16.4% · 2026-06-18T12:00:27Z
Published: 2026-03-30
Last modified: 2026-04-06

Underlying weaknesses (3)

CWE-200, CWE-284, CWE-522

References

  1. https://github.com/lilmingwa13/security-research/blob/main/CVE-2026-29872.md

Type | Target | Confidence | Tier
Weakness | Exposure of Sensitive Information to an Unauthorized Actor (cwe-200) | 0% | live
Weakness | Improper Access Control (cwe-284) | 0% | live
Weakness | Insufficiently Protected Credentials (cwe-522) | 0% | live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2026-31236
CVE: CVE-2026-32625
CVE: BerriAI LiteLLM Command Injection Vulnerability
CVE: CVE-2026-22038
CVE: CVE-2026-27941
CVE: CVE-2026-42203
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.