Vulnerabilities in universal-tool-calling-protocol
5 resultsCVE-2026-45369HIGHpython-utcp: Command Injection via Unsanitized Argument Substitution in CLI Communication ProtocolEPSS 0.3%CVE-2026-12210MEDIUMuniversal-tool-calling-protocol python-utcp utcp-gql/utcp-websocket server-side request forgeryEPSS 0.2%CVE-2026-45370HIGHpython-utcp: Full Process Environment Exposed to CLI Subprocess - Secrets Leakage via Command InjectionEPSS 0.2%CVE-2026-44661MEDIUMpython-utcp: SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocolEPSS 0.2%CVE-2026-45366MEDIUMtypescript-utcp: SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocolEPSS 0.1%