CVE-2026-45366— Universal Tool Calling Protocol 代码问题漏洞

typescript-utcp: SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol

typescript-utcp is a typescript implementation of UTCP. Prior to 1.1.2, the @utcp/http package is vulnerable to a blind Server-Side Request Forgery (SSRF) caused by a trust-boundary inconsistency between manual discovery and tool invocation. registerManual() validates the discovery URL against an HTTPS / loopback allowlist, but callTool() reuses the resolved toolCallTemplate.url directly without revalidating, and the OpenApiConverter blindly trusts whatever servers[0].url an attacker-hosted spec declares. An attacker who hosts a malicious OpenAPI spec on a legitimate HTTPS endpoint can declare e.g. servers: [{ url: "http://127.0.0.1:9090" }] or servers: [{ url: "http://169.254.169.254" }]; the converter then produces tools whose URL points at internal services on the agent host. This vulnerability is fixed in 1.1.2.

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

服务端请求伪造(SSRF)

Universal Tool Calling Protocol 代码问题漏洞

Universal Tool Calling Protocol是Universal Tool Calling Protocol开源的一个UTCP的官方python实现库。 Universal Tool Calling Protocol 1.1.2之前版本存在代码问题漏洞，该漏洞源于@utcp/http包存在盲SSRF，registerManual()验证发现URL但callTool()重用已解析的toolCallTemplate.url而未重新验证，OpenApiConverter盲目信任攻击者托管规范中

N/A

N/A