CVE-2026-45366: CWE-918: Server-Side Request Forgery (SSRF) in universal-tool-calling-protocol typescript-utcp
A Server-Side Request Forgery (SSRF) vulnerability exists in the typescript-utcp package prior to version 1. 1. 2. The vulnerability arises from a trust-boundary inconsistency where the discovery URL is validated, but the tool invocation URL is not revalidated, allowing an attacker to supply a malicious OpenAPI specification that points to internal services. This can cause the server to make unintended HTTP requests to internal or loopback addresses. The issue is fixed in version 1. 1. 2. The CVSS score is 4. 7, indicating medium severity.
AI Analysis
Technical Summary
The typescript-utcp package's @utcp/http component before version 1.1.2 is vulnerable to a blind SSRF due to inconsistent validation between manual discovery and tool invocation. Specifically, registerManual() validates discovery URLs against an HTTPS and loopback allowlist, but callTool() reuses the resolved toolCallTemplate.url without revalidation. The OpenApiConverter trusts the servers[0].url field from an attacker-controlled OpenAPI spec, allowing an attacker to specify internal IP addresses such as 127.0.0.1 or 169.254.169.254. This causes the server to issue requests to internal services, potentially exposing sensitive internal resources. The vulnerability is addressed in version 1.1.2.
Potential Impact
An attacker who can host a malicious OpenAPI specification on a legitimate HTTPS endpoint can exploit this vulnerability to cause the server to send requests to internal or loopback addresses. This may lead to unauthorized access or information disclosure from internal services accessible only from the server. The impact is limited to confidentiality and integrity with no direct availability impact. The CVSS score of 4.7 reflects a medium severity level with network attack vector, high attack complexity, no privileges required, and user interaction required.
Mitigation Recommendations
Upgrade to typescript-utcp version 1.1.2 or later, where this SSRF vulnerability has been fixed. There is no official vendor advisory specifying alternative mitigations. Patch status is not explicitly confirmed beyond the fix in version 1.1.2, so users should verify the upgrade. No other mitigations are indicated by the vendor advisory.
CVE-2026-45366: CWE-918: Server-Side Request Forgery (SSRF) in universal-tool-calling-protocol typescript-utcp
Description
A Server-Side Request Forgery (SSRF) vulnerability exists in the typescript-utcp package prior to version 1. 1. 2. The vulnerability arises from a trust-boundary inconsistency where the discovery URL is validated, but the tool invocation URL is not revalidated, allowing an attacker to supply a malicious OpenAPI specification that points to internal services. This can cause the server to make unintended HTTP requests to internal or loopback addresses. The issue is fixed in version 1. 1. 2. The CVSS score is 4. 7, indicating medium severity.
CVSS v3.1
Score 4.7medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The typescript-utcp package's @utcp/http component before version 1.1.2 is vulnerable to a blind SSRF due to inconsistent validation between manual discovery and tool invocation. Specifically, registerManual() validates discovery URLs against an HTTPS and loopback allowlist, but callTool() reuses the resolved toolCallTemplate.url without revalidation. The OpenApiConverter trusts the servers[0].url field from an attacker-controlled OpenAPI spec, allowing an attacker to specify internal IP addresses such as 127.0.0.1 or 169.254.169.254. This causes the server to issue requests to internal services, potentially exposing sensitive internal resources. The vulnerability is addressed in version 1.1.2.
Potential Impact
An attacker who can host a malicious OpenAPI specification on a legitimate HTTPS endpoint can exploit this vulnerability to cause the server to send requests to internal or loopback addresses. This may lead to unauthorized access or information disclosure from internal services accessible only from the server. The impact is limited to confidentiality and integrity with no direct availability impact. The CVSS score of 4.7 reflects a medium severity level with network attack vector, high attack complexity, no privileges required, and user interaction required.
Mitigation Recommendations
Upgrade to typescript-utcp version 1.1.2 or later, where this SSRF vulnerability has been fixed. There is no official vendor advisory specifying alternative mitigations. Patch status is not explicitly confirmed beyond the fix in version 1.1.2, so users should verify the upgrade. No other mitigations are indicated by the vendor advisory.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-12T00:51:29.085Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a18b4aee29bf47b5032f466
Added to database: 5/28/2026, 9:33:34 PM
Last enriched: 5/28/2026, 9:49:10 PM
Last updated: 5/28/2026, 10:39:40 PM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.