13 matches found
FastMCP Operating System Command Injection Vulnerability
FastMCP is software for building MCP servers, developed by Jeremiah Lowin. Versions of FastMCP prior to 3.2.0 contained an operating system command injection vulnerability. This vulnerability could be exploited when a server name containing a shell metacharacter was used; commands could be executed o...
CVE-2026-32871
FastMCP is a Pythonic way to build MCP servers and clients. Prior to version 3.2.0, the OpenAPIProvider in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The RequestDirector class is responsible for constructing HTTP requests to the backend service. A vulnerabilit...
aa-rag (=0.4.3), acex (>=3.0.0 <=5.19.7) +799 more potentially affected by CVE-2026-32871 via fastmcp (>=0.1.0 <=3.1.1)
fastmcp PYPI version =0.1.0, =3.0.0, =0.2.0, =0.2.6, =2.1.7, =0.1.0, =1.0.0, =0.4.6, =0.1.0, =1.8.0, =0.1.1, =0.1.0, =4.0.3 and more Source cves: CVE-2026-32871 Source advisory: OSV:GHSA-VV7Q-7JX5-F767...
acpx-teams (=0.1.0), arifos (>=2026.2.22 <=2026.4.16) +58 more potentially affected by CVE-2026-32871 via fastmcp (>=3.0.0 <=3.1.1)
fastmcp PYPI version =3.0.0, =2026.2.22, =2026.3.13, =1.0.0, =0.56.0, =0.1.0, =0.3.2, =0.3.0, =1.1.0, =0.0.1, =0.0.1, =0.1.0, =0.6.1, =0.6.1, =0.6.12 and more Source cves: CVE-2026-32871 Source advisory: SNYK:PYTHON-FASTMCP-15871014...
aa-rag (=0.4.3), acex (>=3.0.0 <=5.19.7) +799 more potentially affected by CVE-2026-27124 via fastmcp (>=0.1.0 <=3.1.1)
fastmcp PYPI version =0.1.0, =3.0.0, =0.2.0, =0.2.6, =2.1.7, =0.1.0, =1.0.0, =0.4.6, =0.1.0, =1.8.0, =0.1.1, =0.1.0, =4.0.3 and more Source cves: CVE-2026-27124 Source advisory: OSV:GHSA-RWW4-4W9C-7733...
acpx-teams (=0.1.0), arifos (>=2026.2.22 <=2026.4.16) +58 more potentially affected by CVE-2026-27124 via fastmcp (>=3.0.0 <=3.1.1)
fastmcp PYPI version =3.0.0, =2026.2.22, =2026.3.13, =1.0.0, =0.56.0, =0.1.0, =0.3.2, =0.3.0, =1.1.0, =0.0.1, =0.0.1, =0.1.0, =0.6.1, =0.6.1, =0.6.12 and more Source cves: CVE-2026-27124 Source advisory: SNYK:PYTHON-FASTMCP-15871030...
acpx-teams (=0.1.0), arifos (>=2026.2.22 <=2026.4.16) +58 more potentially affected by CVE-2025-64340 via fastmcp (>=3.0.0 <=3.1.1)
fastmcp PYPI version =3.0.0, =2026.2.22, =2026.3.13, =1.0.0, =0.56.0, =0.1.0, =0.3.2, =0.3.0, =1.1.0, =0.0.1, =0.0.1, =0.1.0, =0.6.1, =0.6.1, =0.6.12 and more Source cves: CVE-2025-64340 Source advisory: SNYK:PYTHON-FASTMCP-15871029...
agent-mcp-server (=0.0.4.0), agentfetch-mcp (>=1.0.0 <=1.0.1) +307 more potentially affected by CVE-2025-69196 via fastmcp (>=0.1.0 <=2.14.1)
fastmcp PYPI version =0.1.0, =1.0.0, =0.4.6, =1.8.0, =0.1.1, =3.2.0, =3.2.0, =4.2.2, =3.0.2, =0.1.0, =0.2.7, =1.0.0rc1, =0.2.7, =1.7.3, =1.8.3 and more Source cves: CVE-2025-69196 Source advisory: OSV:GHSA-5H2M-4Q8J-PQPJ...
agentfetch-mcp (>=1.0.0 <=1.0.1), agentic-ai-engineering-course (>=0.4.6 <=0.4.7) +217 more potentially affected by CVE-2025-62801 via fastmcp (>=0.1.0 <=2.12.5)
fastmcp PYPI version =0.1.0, =1.0.0, =0.4.6, =1.8.0, =3.2.0, =3.2.0, =4.2.2, =3.0.2, =0.2.7, =1.0.0rc1, =0.2.7, =1.7.3, =0.1.12, =0.9.30, =0.14.3, =0.18.5 and more Source cves: CVE-2025-62801 Source advisory: OSV:GHSA-RJ5C-58RQ-J5G5...
agentfetch-mcp (>=1.0.0 <=1.0.1), agentic-ai-engineering-course (>=0.4.6 <=0.4.7) +217 more potentially affected by CVE-2025-62800 via fastmcp (>=0.1.0 <=2.12.5)
fastmcp PYPI version =0.1.0, =1.0.0, =0.4.6, =1.8.0, =3.2.0, =3.2.0, =4.2.2, =3.0.2, =0.2.7, =1.0.0rc1, =0.2.7, =1.7.3, =0.1.12, =0.9.30, =0.14.3, =0.18.5 and more Source cves: CVE-2025-62800 Source advisory: OSV:GHSA-MXXR-JV3V-6PGC...
agentfetch-mcp (>=1.0.0 <=1.0.1), agentic-ai-engineering-course (>=0.4.6 <=0.4.7) +217 more potentially affected by unknown CVE via fastmcp (>=0.1.0 <=2.12.5)
fastmcp PYPI version =0.1.0, =1.0.0, =0.4.6, =1.8.0, =3.2.0, =3.2.0, =4.2.2, =3.0.2, =0.2.7, =1.0.0rc1, =0.2.7, =1.7.3, =0.1.12, =0.9.30, =0.14.3, =0.18.5 and more Source cves: unknown CVE Source advisory: OSV:GHSA-C2JP-C369-7PVX...
agentic-ai-engineering-course (>=0.4.6 <=0.4.7), agentsphere-mcp-server (>=1.8.0 <=1.9.1) +171 more potentially affected by unknown CVE via fastmcp (>=2.0.0 <=2.12.5)
fastmcp PYPI version =2.0.0, =0.4.6, =1.8.0, =3.2.0, =3.2.0, =4.2.2, =3.0.2, =0.2.7, =1.0.0rc1, =0.2.7, =1.7.3, =0.1.12, =0.9.30, =0.14.3, =0.9.4, =0.17.7 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-FASTMCP-13776148...
PT-2025-44218
Name of the Vulnerable Software and Affected Versions: FastMCP versions prior to 2.13.0. Description: FastMCP, a framework for building MCP applications, contains a command-injection issue. An attacker who can control the server name field of an MCP can execute arbitrary OS commands on Windows hosts...