GHSA-r8j5-8747-88cm: @utcp/http: SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol
Summary
The @utcp/http package has a Server-Side Request Forgery (SSRF) vulnerability: a flaw that lets an attacker make the server issue requests to hosts it should never contact, such as internal networks. When the package converts an OpenAPI specification (a standard format for describing HTTP APIs) into tools, it does not validate the base URL declared in servers[0].url. An attacker who can get the agent to load a malicious spec can therefore declare an internal address, such as 127.0.0.1 or a cloud metadata endpoint (typically 169.254.169.254), as the server, and the agent will send its tool calls there, allowing the attacker to read credentials or reach internal services. Versions 1.1.1 and earlier are affected.
Solution / Mitigation
Upgrade to @utcp/http version 1.1.2 or later. The fix adds a URL-validation helper that is applied in three places: when a manual is registered via registerManual(), before each tool invocation, and when an OpenAPI spec is converted. It also closes a prefix-bypass bug by validating the parsed hostname instead of matching the URL as text. If you cannot upgrade immediately, the advisory lists two workarounds: do not call registerManual() with URLs supplied by untrusted parties, and restrict outbound network access from the agent host so that internal addresses (RFC 1918 ranges, 169.254.0.0/16 and loopback) are unreachable.
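The following is an added example, not code from @utcp/http and not the shape of its actual fix. It shows the two points the advisory makes: a base URL such as servers[0].url from an OpenAPI document is validated on the parsed hostname before it is stored for later tool calls, and a text-prefix check is easy to bypass because the URL parser canonicalises shorthand address forms that a string comparison never sees. The function names, the blocked-range list and the sample spec are this example's assumptions.

```javascript
// Added example (not the @utcp/http code): hostname-based validation of a base URL
// before an agent stores or requests it. Names and blocked ranges are assumptions.

const isIPv4 = (s) =>
  /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(s) && s.split(".").every((o) => Number(o) <= 255);
const isIPv6 = (s) => s.includes(":"); // anything the URL parser accepted with a colon is IPv6

// Dotted IPv4 -> unsigned 32-bit integer; null for anything that is not IPv4.
function ipv4ToInt(host) {
  if (!isIPv4(host)) return null;
  return host.split(".").reduce((acc, o) => (acc << 8) | Number(o), 0) >>> 0;
}

// Ranges an agent must never reach: loopback, RFC 1918, link-local (cloud metadata
// lives at 169.254.169.254), "this network" and CGNAT.
const BLOCKED_V4 = [
  ["127.0.0.0", 8], ["10.0.0.0", 8], ["172.16.0.0", 12], ["192.168.0.0", 16],
  ["169.254.0.0", 16], ["0.0.0.0", 8], ["100.64.0.0", 10],
];

function inCidr(ip, [base, bits]) {
  const mask = bits === 0 ? 0 : (~0 << (32 - bits)) >>> 0;
  return ((ipv4ToInt(ip) & mask) >>> 0) === ((ipv4ToInt(base) & mask) >>> 0);
}

// True when a literal IPv4/IPv6 address is one we refuse to contact. Also usable
// on the addresses a DNS lookup returns for a hostname.
function isPrivateAddress(ip) {
  if (isIPv4(ip)) return BLOCKED_V4.some((c) => inCidr(ip, c));
  if (!isIPv6(ip)) return false;
  const h = ip.toLowerCase();
  if (h === "::1" || h === "::") return true;     // loopback, unspecified
  if (/^fe[89ab][0-9a-f]:/.test(h)) return true;   // fe80::/10 link-local
  if (/^f[cd][0-9a-f]{2}:/.test(h)) return true;   // fc00::/7 unique local
  // IPv4-mapped, either as the URL parser serialises it (::ffff:7f00:1) or dotted.
  const hex = h.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/);
  if (hex) {
    const hi = parseInt(hex[1], 16), lo = parseInt(hex[2], 16);
    return isPrivateAddress([hi >> 8, hi & 255, lo >> 8, lo & 255].join("."));
  }
  const dotted = h.match(/^::ffff:(\d+\.\d+\.\d+\.\d+)$/);
  return dotted ? isPrivateAddress(dotted[1]) : false;
}

// Names that reach loopback or a metadata service without being IP literals.
const BLOCKED_HOSTS = ["localhost", "metadata.google.internal"];

// Parse first, then judge the normalised hostname. The WHATWG URL parser turns
// 127.1, 2130706433 and 0x7f000001 into 127.0.0.1, so a check on u.hostname sees
// the real target; a startsWith() check on the raw string does not.
function assertSafeUrl(raw) {
  let u;
  try { u = new URL(raw); } catch { throw new Error(`unparseable URL: ${raw}`); }
  if (u.protocol !== "http:" && u.protocol !== "https:") throw new Error(`scheme ${u.protocol} not allowed`);
  if (u.username || u.password) throw new Error("credentials in URL not allowed");
  const host = u.hostname.replace(/^\[|\]$/g, ""); // strip IPv6 brackets
  if (BLOCKED_HOSTS.includes(host) || host.endsWith(".localhost")) throw new Error(`blocked host ${host}`);
  if (isPrivateAddress(host)) throw new Error(`private address ${host}`);
  return u;
}

// Pick the base URL from an OpenAPI document the way a converter would, then
// validate it. A missing or relative servers[0].url resolves against the URL the
// spec was fetched from (OpenAPI defaults servers to "/").
function baseUrlFromSpec(spec, specUrl) {
  const declared = spec.servers && spec.servers[0] && spec.servers[0].url;
  return assertSafeUrl(new URL(declared || "/", specUrl).href).href;
}

// For contrast, the kind of text-prefix check the advisory says was replaced
// (illustrative, not the package's actual code): every shorthand form passes it.
function naivePrefixCheck(raw) {
  return !raw.startsWith("http://127.0.0.1") && !raw.startsWith("http://localhost");
}

// Convenience: true when the hostname-based check rejects the URL.
function isRejected(raw) {
  try { assertSafeUrl(raw); return false; } catch { return true; }
}
```

The hostname check only covers literal addresses and a short list of names. A hostname the attacker controls can resolve to 127.0.0.1 or 169.254.169.254 (DNS rebinding), so a complete guard also resolves the name with dns.lookup, runs isPrivateAddress over every returned address, and connects to the address it checked rather than letting the HTTP client resolve the name a second time. The network-level workaround in the advisory (blocking outbound traffic to internal ranges from the agent host) is what catches that case when the library check cannot.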
Vulnerability Details
EPSS: 0.0%
May 14, 2026
Affected Packages
@utcp/http (npm): versions 1.1.1 and earlier; fixed in 1.1.2
Original source: https://github.com/advisories/GHSA-r8j5-8747-88cm
First tracked: May 14, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 92%