98 matches found

ATTACKERKB, added 2026/04/03 3:22 p.m., 3 views

CVE-2026-27124

FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, while testing the GitHubProvider OAuth integration, which allows authentication to a FastMCP MCP server via a FastMCP OAuthProxy using GitHub OAuth, it was discovered that the FastMCP OAuthProxy does not...

CVSS 8.2, AI score 5.9, EPSS 0.00207
Exploits: 1, References: 2, Affected Software: 1
CVE, added 2026/04/03 3:16 p.m., 8 views

CVE-2025-64340

FastMCP (the MCP framework) is affected prior to version 3.2.0. A vulnerability arises when server names contain shell metacharacters (for example, &); this can trigger command injection on Windows during fastmcp install claude-code or fastmcp install gemini-cli. The install commands use subproce...

CVSS 7.8, AI score 5.8, EPSS 0.00749
Exploits: 1, References: 2, Affected Software: 1
Cvelist, added 2026/04/03 3:16 p.m., 17 views

CVE-2025-64340 FastMCP has a Command Injection vulnerability - Gemini CLI

FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, server names containing shell metacharacters (e.g., &) can cause command injection on Windows when passed to fastmcp install claude-code or fastmcp install gemini-cli. These install paths use subprocess.run wit...

CVSS 6.7, EPSS 0.00749
Exploits: 1, References: 2
Vulnrichment, added 2026/04/03 3:16 p.m., 4 views

CVE-2025-64340 FastMCP has a Command Injection vulnerability - Gemini CLI

FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, server names containing shell metacharacters (e.g., &) can cause command injection on Windows when passed to fastmcp install claude-code or fastmcp install gemini-cli. These install paths use subprocess.run wit...

CVSS 6.7, AI score 5.8, EPSS 0.00749
Exploits: 1, References: 2
CNNVD, added 2026/04/03 12:00 a.m., 6 views

FastMCP operating system command injection vulnerability

FastMCP is MCP server-building software developed by Jeremiah Lowin. Versions of FastMCP prior to 3.2.0 contained an operating system command injection vulnerability. This vulnerability could be exploited when a server name containing a shell metacharacter was used; commands could be executed o...

CVSS 7.8, AI score 5.8, EPSS 0.00749
Exploits: 1, References: 3
CNNVD, added 2026/04/03 12:00 a.m., 5 views

FastMCP security vulnerability

FastMCP is MCP server-building software developed by Jeremiah Lowin. Versions of FastMCP prior to 3.2.0 contained security vulnerabilities; these vulnerabilities stemmed from incorrect user authorization verification by OAuthProxy, which could lead to rogue agent attacks...

CVSS 8.2, AI score 5.8, EPSS 0.00207
Exploits: 1, References: 1
NVD, added 2026/04/02 3:16 p.m., 6 views

CVE-2026-32871

FastMCP is a Pythonic way to build MCP servers and clients. Prior to version 3.2.0, the OpenAPIProvider in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The RequestDirector class is responsible for constructing HTTP requests to the backend service. A vulnerabilit...

CVSS 10, EPSS 0.01075
Exploits: 1, References: 4
Vulnrichment, added 2026/04/02 2:52 p.m., 2 views

CVE-2026-32871 FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability

FastMCP is a Pythonic way to build MCP servers and clients. Prior to version 3.2.0, the OpenAPIProvider in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The RequestDirector class is responsible for constructing HTTP requests to the backend service. A vulnerabilit...

CVSS 10, AI score 5.8, EPSS 0.01075
Exploits: 1, References: 4
CVE, added 2026/04/02 2:52 p.m., 25 views

CVE-2026-32871

CVE-2026-32871 affects FastMCP’s OpenAPIProvider in the FastMCP package (prior to 3.2.0). The root cause is that the _build_url() function substitutes path parameters directly into the URL without URL-encoding, and then urllib.parse.urljoin() interprets any embedded “../” as a directory traversal...

CVSS 10, AI score 5.8, EPSS 0.01075
Exploits: 1, References: 4, Affected Software: 1
Cvelist, added 2026/04/02 2:52 p.m., 18 views

CVE-2026-32871 FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability

FastMCP is a Pythonic way to build MCP servers and clients. Prior to version 3.2.0, the OpenAPIProvider in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The RequestDirector class is responsible for constructing HTTP requests to the backend service. A vulnerabilit...

CVSS 10, EPSS 0.01075
Exploits: 1, References: 4
CNNVD, added 2026/04/02 12:00 a.m., 4 views

FastMCP security vulnerability

FastMCP is MCP server-building software developed by Jeremiah Lowin. Versions of FastMCP prior to 3.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of URL encoding for path parameters, which could lead to credential-stealing request forgery attacks...

CVSS 10, AI score 5.8, EPSS 0.01075
Exploits: 1, References: 4
vulnersOsv, added 2026/03/31 10:53 p.m., 2 views

aa-rag (=0.4.3), acex (>=3.0.0 <=5.24.4) +814 more potentially affected by CVE-2026-32871 via fastmcp (>=0.1.0 <=3.1.1)

fastmcp PyPI version =0.1.0, =3.0.0, =0.2.0, =0.1.7, =2.1.7, =0.1.0, =1.0.0, =0.4.6, =0.1.0, =1.8.0, =0.1.1, =0.1.0, =4.0.4 and more. Source CVEs: CVE-2026-32871. Source advisory: OSV:GHSA-VV7Q-7JX5-F767...

CVSS 10, AI score 5.4, EPSS 0.01075
Exploits: 1
vulnersOsv, added 2026/03/31 10:53 p.m., 6 views

acpx-teams (=0.1.0), arifos (>=2026.2.22 <=2026.4.16) +62 more potentially affected by CVE-2026-32871 via fastmcp (>=3.0.0 <=3.1.1)

fastmcp PyPI version =3.0.0, =2026.2.22, =2026.3.13, =1.0.0, =0.56.0, =0.1.0, =0.3.2, =0.2.0, =0.3.0, =1.1.0, =0.0.1, =0.0.1, =0.1.0, =0.5.12b18, =0.5.12b19 - efn-mcp =0.1.0 and more. Source CVEs: CVE-2026-32871. Source advisory: SNYK:PYTHON-FASTMCP-15871014...

CVSS 10, AI score 5.4, EPSS 0.01075
Exploits: 1
Snyk, added 2026/03/31 10:53 p.m., 4 views

Server-side Request Forgery (SSRF)

Overview: fastmcp is "The fast, Pythonic way to build MCP servers and clients." Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the _build_url function. An attacker can access unauthorized internal backend endpoints and perform actions with elevated privileges...

CVSS 10, AI score 5.9, EPSS 0.01075
Exploits: 1, References: 2
OSV, added 2026/03/31 10:53 p.m., 4 views

GHSA-VV7Q-7JX5-F767 FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability

Technical Description: The OpenAPIProvider in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The RequestDirector class is responsible for constructing HTTP requests to the backend service. A critical vulnerability exists in the _build_url method. When an OpenAPI...

CVSS 10, AI score 6, EPSS 0.01075
Exploits: 1, References: 6
vulnersOsv, added 2026/03/31 10:32 p.m., 0 views

aa-rag (=0.4.3), acex (>=3.0.0 <=5.24.4) +814 more potentially affected by CVE-2026-27124 via fastmcp (>=0.1.0 <=3.1.1)

fastmcp PyPI version =0.1.0, =3.0.0, =0.2.0, =0.1.7, =2.1.7, =0.1.0, =1.0.0, =0.4.6, =0.1.0, =1.8.0, =0.1.1, =0.1.0, =4.0.4 and more. Source CVEs: CVE-2026-27124. Source advisory: OSV:GHSA-RWW4-4W9C-7733...

CVSS 8.2, AI score 5.4, EPSS 0.00207
Exploits: 1
vulnersOsv, added 2026/03/31 10:32 p.m., 8 views

acpx-teams (=0.1.0), arifos (>=2026.2.22 <=2026.4.16) +62 more potentially affected by CVE-2026-27124 via fastmcp (>=3.0.0 <=3.1.1)

fastmcp PyPI version =3.0.0, =2026.2.22, =2026.3.13, =1.0.0, =0.56.0, =0.1.0, =0.3.2, =0.2.0, =0.3.0, =1.1.0, =0.0.1, =0.0.1, =0.1.0, =0.5.12b18, =0.5.12b19 - efn-mcp =0.1.0 and more. Source CVEs: CVE-2026-27124. Source advisory: SNYK:PYTHON-FASTMCP-15871030...

CVSS 8.2, AI score 5.4, EPSS 0.00207
Exploits: 1
Snyk, added 2026/03/31 10:32 p.m., 6 views

Unintended Proxy or Intermediary ('Confused Deputy')

Overview: fastmcp is "The fast, Pythonic way to build MCP servers and clients." Affected versions of this package are vulnerable to Unintended Proxy or Intermediary ('Confused Deputy') in the OAuthProxy.handleidpcallback function. An attacker can gain unauthorized access to resources associated with...

CVSS 9.3, AI score 6, EPSS 0.00207
Exploits: 1, References: 2
vulnersOsv, added 2026/03/31 10:24 p.m., 0 views

aa-rag (=0.4.3), acex (>=3.0.0 <=5.24.4) +814 more potentially affected by CVE-2025-64340 via fastmcp (>=0.1.0 <=3.1.1)

fastmcp PyPI version =0.1.0, =3.0.0, =0.2.0, =0.1.7, =2.1.7, =0.1.0, =1.0.0, =0.4.6, =0.1.0, =1.8.0, =0.1.1, =0.1.0, =4.0.4 and more. Source CVEs: CVE-2025-64340. Source advisory: OSV:GHSA-M8X7-R2RG-VH5G...

CVSS 7.8, AI score 5.4, EPSS 0.00749
Exploits: 1
vulnersOsv, added 2026/03/31 10:24 p.m., 6 views

acpx-teams (=0.1.0), arifos (>=2026.2.22 <=2026.4.16) +62 more potentially affected by CVE-2025-64340 via fastmcp (>=3.0.0 <=3.1.1)

fastmcp PyPI version =3.0.0, =2026.2.22, =2026.3.13, =1.0.0, =0.56.0, =0.1.0, =0.3.2, =0.2.0, =0.3.0, =1.1.0, =0.0.1, =0.0.1, =0.1.0, =0.5.12b18, =0.5.12b19 - efn-mcp =0.1.0 and more. Source CVEs: CVE-2025-64340. Source advisory: SNYK:PYTHON-FASTMCP-15871029...

CVSS 7.8, AI score 5.4, EPSS 0.00749
Exploits: 1