CVE-2026-12210 MEDIUM

CVE-2026-12210: universal-tool-calling-protocol python-utcp utcp-gql/utcp-websocket server-side request forgery

Vendor Universal-Tool-Calling-Protocol

Product python-utcp

Weakness CWE-918 · SSRF

Published June 15, 2026

Last update June 15, 2026

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A vulnerability was detected in universal-tool-calling-protocol python-utcp 1.1.0. This affects an unknown function of the component utcp-gql/utcp-websocket. Performing a manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

Disclosure timeline

June 15, 2026 CVE published

June 15, 2026 Record updated