98 matches found
ROOT-APP-PYPI-CVE-2025-64340 CVE-2025-64340 in rootio-fastmcp - Patched by Root
Root has patched CVE-2025-64340 in the rootio-fastmcp package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2025-62801 CVE-2025-62801 in rootio-fastmcp - Patched by Root
Root has patched CVE-2025-62801 in the rootio-fastmcp package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-27124 CVE-2026-27124 in rootio-fastmcp - Patched by Root
Root has patched CVE-2026-27124 in the rootio-fastmcp package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-32871 CVE-2026-32871 in rootio-fastmcp - Patched by Root
Root has patched CVE-2026-32871 in the rootio-fastmcp package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-GHSA-C2JP-C369-7PVX GHSA-c2jp-c369-7pvx in rootio-fastmcp - Patched by Root
Root has patched GHSA-c2jp-c369-7pvx in the rootio-fastmcp package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2025-62800 CVE-2025-62800 in rootio-fastmcp - Patched by Root
Root has patched CVE-2025-62800 in the rootio-fastmcp package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2025-69196 CVE-2025-69196 in rootio-fastmcp - Patched by Root
Root has patched CVE-2025-69196 in the rootio-fastmcp package for Root:PyPI. Multiple fixed versions available...
CVE-2026-7213
A vulnerability was detected in ef10007 MLOps_MCP 1.0.0. This impacts an unknown function of the file fastmcp_server.py of the component save_file Tool. The manipulation of the argument filename/destination results in path traversal. The attack may be performed from remote. The exploit is now public...
CVE-2026-7213 ef10007 MLOps_MCP save_file Tool fastmcp_server.py path traversal
A vulnerability was detected in ef10007 MLOps_MCP 1.0.0. This impacts an unknown function of the file fastmcp_server.py of the component save_file Tool. The manipulation of the argument filename/destination results in path traversal. The attack may be performed from remote. The exploit is now public...
EUVD-2026-25966
A vulnerability was detected in ef10007 MLOps_MCP 1.0.0. This impacts an unknown function of the file fastmcp_server.py of the component save_file Tool. The manipulation of the argument filename/destination results in path traversal. The attack may be performed from remote. The exploit is now public...
PT-2026-35586
A vulnerability was detected in ef10007 MLOps_MCP 1.0.0. This impacts an unknown function of the file fastmcp_server.py of the component save_file Tool. The manipulation of the argument filename/destination results in path traversal. The attack may be performed from remote. The exploit is now...
CVE-2025-64340
FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, server names containing shell metacharacters (e.g., &) can cause command injection on Windows when passed to fastmcp install claude-code or fastmcp install gemini-cli. These install paths use subprocess.run wit...
CVE-2026-27124
A flaw was found in FastMCP and FastMCP OAuthProxy. The OAuthProxy, used for GitHub OAuth authentication, does not properly validate a user's consent after receiving an authorization code from GitHub. This, combined with GitHub's behavior of skipping the consent page for previously authorized...
CVE-2026-32871
A flaw was found in FastMCP. An authenticated attacker can exploit a path traversal vulnerability in the buildurl method of the RequestDirector class. By manipulating path parameters in an OpenAPI operation, an attacker can use directory traversal sequences ../ to bypass the intended API prefix...
CVE-2026-27124
FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, while testing the GitHubProvider OAuth integration, which allows authentication to a FastMCP MCP server via a FastMCP OAuthProxy using GitHub OAuth, it was discovered that the FastMCP OAuthProxy does not...
CVE-2026-27124 FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities
FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, while testing the GitHubProvider OAuth integration, which allows authentication to a FastMCP MCP server via a FastMCP OAuthProxy using GitHub OAuth, it was discovered that the FastMCP OAuthProxy does not...