CVE Catalog

CVE-2026-12210

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

13th percentile — higher than 13% of all known CVEs

Summary

A vulnerability was detected in the universal-tool-calling-protocol python-utcp library version 1.1.0, affecting an unknown function of the utcp-gql/utcp-websocket component. Manipulating this function leads to server-side request forgery.

Risk Assessment

An attacker can remotely exploit this vulnerability, potentially leading to unauthorized access to server resources. The public availability of exploits increases the risk of attacks on systems using this library.

Recommendation

It is recommended to update the python-utcp library to the latest version to mitigate the risks associated with this vulnerability. Additionally, systems should be monitored for potential exploitation attempts.

Original NVD description (English source)

A vulnerability was detected in universal-tool-calling-protocol python-utcp 1.1.0. This affects an unknown function of the component utcp-gql/utcp-websocket. Performing a manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS