CVE-2026-12210
MediumCVSS 6.3Exploitation Probability (EPSS)
Low risk13th percentile — higher than 13% of all known CVEs
Summary
A vulnerability was detected in the universal-tool-calling-protocol python-utcp library version 1.1.0, affecting an unknown function of the utcp-gql/utcp-websocket component. Manipulating this function leads to server-side request forgery.
Risk Assessment
An attacker can remotely exploit this vulnerability, potentially leading to unauthorized access to server resources. The public availability of exploits increases the risk of attacks on systems using this library.
Recommendation
It is recommended to update the python-utcp library to the latest version to mitigate the risks associated with this vulnerability. Additionally, systems should be monitored for potential exploitation attempts.
Original NVD description (English source)
A vulnerability was detected in universal-tool-calling-protocol python-utcp 1.1.0. This affects an unknown function of the component utcp-gql/utcp-websocket. Performing a manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

