All 3 CVE vulnerabilities found in python-utcp, with AI-generated Chinese analysis, references, and POCs.
Vendor: universal-tool-calling-protocol
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-45369 | python-utcp: Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol CWE-78 | 8.3 | High | 2026-05-14 |
| CVE-2026-45370 | python-utcp: Full Process Environment Exposed to CLI Subprocess - Secrets Leakage via Command Injection CWE-526 | 7.7 | High | 2026-05-14 |
| CVE-2026-44661 | python-utcp: SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol CWE-918 | 4.7 | Medium | 2026-05-14 |
All 3 known CVE vulnerabilities affecting python-utcp with full Chinese analysis, references, and POCs where available.