A vulnerability was found in universal-tool-calling-protocol python-utcp 1.1.0 . It has been classified as critical . This affects an unknown function of the component utcp-gql/utcp-websocket . Performing a manipulation results in server-side request forgery. This vulnerability is identified as CVE-2026-12210 . The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.