CVE-2026-12210: Server-Side Request Forgery in universal-tool-calling-protocol python-utcp
CVE-2026-12210 is a server-side request forgery (SSRF) vulnerability in the universal-tool-calling-protocol python-utcp version 1.1.0. It affects an unspecified function within the utcp-gql/utcp-websocket component. The vulnerability can be exploited remotely without user interaction and has a medium severity rating. The vendor has not responded to the disclosure, and no patch or remediation is currently available.
AI Analysis
Technical Summary
This vulnerability in python-utcp 1.1.0 allows an attacker to perform server-side request forgery via manipulation of an unknown function in the utcp-gql/utcp-websocket component. The flaw enables remote attackers to induce the server to make unintended requests. The exploit details are publicly available, but the vendor has not issued any fix or advisory. The CVSS 4.0 base score is 5.3, reflecting network attack vector, low complexity, no privileges required, no user interaction, and low to limited impact on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation lets an attacker make unauthorized requests from the vulnerable server, which may expose internal resources or services. However, the impact is rated medium because the CVSS vector records only limited impact on confidentiality, integrity, and availability.
Mitigation Recommendations
No official fix or patch is currently available, and the vendor has not responded to the disclosure. Users should monitor vendor channels for any future updates. Until a patch is released, consider implementing network-level controls to restrict outbound requests from the affected component if feasible.
CVSS v4.0
Score 5.3 (medium)
Affected software
cpe:2.3:a:universal-tool-calling-protocol:python-utcp:*:*:*:*:*:*:*:*
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-06-14T12:30:06.444Z
- Cvss Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a2f6c1d1cccde5f26d201de
Added to database: 6/15/2026, 3:06:05 AM
Last enriched: 6/15/2026, 3:20:32 AM
Last updated: 6/15/2026, 4:07:49 AM