PatchSiren cyber security CVE debrief
CVE-2026-12210 universal-tool-calling-protocol CVE debrief
A Server-Side Request Forgery (SSRF) vulnerability was detected in universal-tool-calling-protocol python-utcp 1.1.0. This affects an unknown function of the component utcp-gql/utcp-websocket. Performing a manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may be used.
- Vendor: universal-tool-calling-protocol
- Product: python-utcp
- CVSS: LOW 2.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Users of universal-tool-calling-protocol python-utcp 1.1.0 are affected by this vulnerability.
Technical summary
The vulnerability has a CVSS score of 2.1, which corresponds to a severity of LOW. The associated Common Weakness Enumeration (CWE) entry is CWE-918, Server-Side Request Forgery (SSRF).
Defensive priority
This vulnerability has a low CVSS score, indicating a relatively low severity. However, as the exploit is publicly available, users of the affected software should prioritize patching.
Recommended defensive actions
- Apply patches or updates provided by the vendor.
- Restrict access to the affected component.
- Monitor for suspicious activity.
Evidence notes
The vendor was contacted early about this disclosure but did not respond in any way.
Official resources
CVE-2026-12210 was published on 2026-06-15T03:16:24.330Z and has not been modified since then.