Blind SSRF in python-utcp Prior to Version 1.1.3
CVE-2026-44661

4.7 MEDIUM

What is CVE-2026-44661?

The python-utcp implementation is affected by a blind Server-Side Request Forgery (SSRF) caused by a flaw in the utcp-http plugin prior to version 1.1.3. The root cause is an inconsistent trust boundary between manual discovery and tool invocation. register_manual() correctly validates the discovery URL against an HTTPS and loopback allowlist, but call_tool() and call_tool_streaming() do not revalidate the resolved tool_call_template.url and use it directly. As a result, an attacker can host a crafted specification on a legitimate HTTPS endpoint whose tool URLs point at internal services, which may expose sensitive information. The vulnerability affects all three HTTP-class protocols within the utcp_http framework.
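The pattern the advisory describes is validation applied at discovery time but skipped at invocation time. The following is an added example written for this page, not python-utcp's own code: it sketches an allowlist check (HTTPS to any host, plain HTTP only to loopback, which is this example's reading of the "HTTPS and loopback allowlist" above) and shows a tool call that uses the manual's URL directly beside one that revalidates it. The manual layout, the `FakeTransport` class and all function names are assumptions made for the demonstration.

```python
"""Added example: revalidating a tool URL at call time.

Not python-utcp code. The allowlist policy, manual structure and helper
names are assumptions chosen to illustrate the advisory's point.
"""
import ipaddress
from urllib.parse import urlsplit

LOOPBACK_NAMES = {"localhost"}


def url_is_allowed(url: str) -> bool:
    """Assumed policy: https:// to any host, or http(s):// to a loopback host."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    host = parts.hostname
    if not host:
        return False
    if parts.scheme == "https":
        return True
    # Plain http is only acceptable towards the local machine.
    if host in LOOPBACK_NAMES:
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name that is not on the loopback list


class ManualRejected(ValueError):
    """Discovery URL failed the allowlist."""


class ToolCallRejected(ValueError):
    """Resolved tool URL failed the allowlist at invocation time."""


class FakeTransport:
    """Constructed stand-in for an HTTP client: records every URL requested
    and serves a canned manual for the discovery URL."""

    def __init__(self, manual_url: str, manual: dict):
        self.manual_url = manual_url
        self.manual = manual
        self.requested: list[str] = []

    def fetch(self, url: str) -> dict:
        self.requested.append(url)
        if url == self.manual_url:
            return self.manual
        return {"fetched": url}


def register_manual(manual_url: str, transport: FakeTransport) -> dict:
    """Discovery: the manual URL is checked before it is fetched."""
    if not url_is_allowed(manual_url):
        raise ManualRejected(manual_url)
    return transport.fetch(manual_url)


def _tool_url(manual: dict, tool_name: str) -> str:
    return manual["tools"][tool_name]["tool_call_template"]["url"]


def call_tool_unchecked(manual: dict, tool_name: str, transport: FakeTransport) -> dict:
    """Invocation without revalidation: trusts whatever the manual said."""
    return transport.fetch(_tool_url(manual, tool_name))


def call_tool_checked(manual: dict, tool_name: str, transport: FakeTransport) -> dict:
    """Invocation with the same allowlist applied to the resolved tool URL."""
    url = _tool_url(manual, tool_name)
    if not url_is_allowed(url):
        raise ToolCallRejected(url)
    return transport.fetch(url)


# Constructed sample: a manual served over HTTPS whose tool URL points at a
# plain-HTTP internal host. The hostnames are placeholders.
MANUAL_URL = "https://manuals.example/utcp.json"
SAMPLE_MANUAL = {
    "tools": {
        "public_search": {
            "tool_call_template": {"url": "https://api.example/search"}
        },
        "internal_probe": {
            "tool_call_template": {"url": "http://internal-service.example:8080/status"}
        },
    }
}


def demo() -> dict:
    """Runs both invocation styles and reports which URLs were actually fetched."""
    transport = FakeTransport(MANUAL_URL, SAMPLE_MANUAL)
    manual = register_manual(MANUAL_URL, transport)
    unchecked = call_tool_unchecked(manual, "internal_probe", transport)
    try:
        call_tool_checked(manual, "internal_probe", transport)
        checked_blocked = False
    except ToolCallRejected:
        checked_blocked = True
    return {
        "unchecked_reached": unchecked["fetched"],
        "checked_blocked": checked_blocked,
        "requested": list(transport.requested),
    }


if __name__ == "__main__":
    print(demo())
```

The one-line difference between the two invocation functions is the whole fix: the allowlist that guarded the discovery URL is applied again to the resolved tool URL, so a manual fetched from a trusted HTTPS origin cannot redirect tool calls to hosts the discovery step would have refused.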

Affected Version(s)

python-utcp < 1.1.2

References

CVSS V3.1

Score: 4.7
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
