CVE-2026-45366

Published: Mag 29, 2026 Last Modified: Mag 29, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 4,7

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: none

User Interaction: required

Scope: changed

Confidentiality: low

Integrity: low

Availability: none

Description

AI Translation Available

typescript-utcp is a typescript implementation of UTCP. Prior to 1.1.2, the @utcp/http package is vulnerable to a blind Server-Side Request Forgery (SSRF) caused by a trust-boundary inconsistency between manual discovery and tool invocation. registerManual() validates the discovery URL against an HTTPS / loopback allowlist, but callTool() reuses the resolved toolCallTemplate.url directly without revalidating, and the OpenApiConverter blindly trusts whatever servers[0].url an attacker-hosted spec declares. An attacker who hosts a malicious OpenAPI spec on a legitimate HTTPS endpoint can declare e.g. servers: [{ url: 'http://127.0.0.1:9090' }] or servers: [{ url: 'http://169.254.169.254' }]; the converter then produces tools whose URL points at internal services on the agent host. This vulnerability is fixed in 1.1.2.

918

Server-Side Request Forgery (SSRF)

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Access Control

Potential Impacts:

Read Application Data Execute Unauthorized Code Or Commands Bypass Protection Mechanism

Applicable Platforms

Technologies: Web Based, AI/ML, Web Server

View CWE Details

https://github.com/universal-tool-calling-protocol/typescri…

https://github.com/universal-tool-calling-protocol/typescript-utcp/security/adv…

CVE-2026-45366

Description

Server-Side Request Forgery (SSRF)

Common Consequences

Applicable Platforms

Iscriviti alla newsletter