Command Injection
Overview: fastmcp is "The fast, Pythonic way to build MCP servers and clients." Affected versions of this package are vulnerable to Command Injection via the subprocess-backed install commands. An attacker can execute arbitrary commands with the privileges of the user running the process by...
aa-rag (=0.4.3), acex (>=3.0.0 <=5.24.4) +814 more potentially affected by CVE-2025-64340 via fastmcp (>=0.1.0 <=3.1.1)
fastmcp PYPI version =0.1.0, =3.0.0, =0.2.0, =0.1.7, =2.1.7, =0.1.0, =1.0.0, =0.4.6, =0.1.0, =1.8.0, =0.1.1, =0.1.0, =4.0.4 and more Source cves: CVE-2025-64340 Source advisory: OSV:GHSA-M8X7-R2RG-VH5G...
PT-2026-29413
Server names containing shell metacharacters (e.g., &) can cause command injection on Windows when passed to fastmcp install claude-code or fastmcp install gemini-cli. These install paths use subprocess.run with a list argument, but on Windows the target CLIs often resolve to .cmd wrappers that are...
Security Bulletin: Command Injection Vulnerability in FastMCP server_name Field Enables Arbitrary Command Execution on Windows affects watsonx.data
Summary: FastMCP is the standard framework for building MCP applications. In versions prior to 2.13.0, a command-injection vulnerability lets any attacker who can influence the server_name field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor. This can affect...
CVE-2025-69196
A flaw was found in FastMCP, a framework for building MCP applications. The server does not correctly process the resource parameter provided by the client during authorization and token requests. This can lead to security tokens being issued for an unintended base URL (Uniform Resource Locator)...
aenvironment (=0.1.7rc1), agent-mcp-server (=0.0.4.0) +256 more potentially affected by CVE-2025-69196 via fastmcp (>=2.0.0 <=2.14.1)
fastmcp PYPI version =2.0.0, =0.4.6, =1.8.0, =0.1.1, =3.2.0, =3.2.0, =4.2.2, =3.0.2, =0.1.0, =0.2.7, =1.0.0rc1, =0.2.7, =1.7.3, =1.8.3 and more Source cves: CVE-2025-69196 Source advisory: SNYK:PYTHON-FASTMCP-15674454...
Incorrect Authorization
Overview: fastmcp is "The fast, Pythonic way to build MCP servers and clients." Affected versions of this package are vulnerable to Incorrect Authorization due to improper handling of the resource parameter in the authorization and token request processes. An attacker can gain unauthorized access ...
CVE-2025-69196 FastMCP OAuth Proxy token reuse across MCP servers
FastMCP is the standard framework for building MCP applications. Prior to version 2.14.2, the server does not properly respect the resource parameter submitted by the client in the authorization and token request. Instead of issuing the token explicitly for the MCP server, the token is issued for...
CVE-2025-69196
The GHSA advisory GHSA-5H2M-4Q8J-PQPJ describes a misconfiguration in FastMCP OAuth Proxy where the token issuer/audience are derived from the proxy’s base_url, causing access and refresh tokens to be issued without binding to the requested MCP server resource. This means tokens can be used on ot...
GHSA-5H2M-4Q8J-PQPJ FastMCP OAuth Proxy token reuse across MCP servers
While testing the OAuth Proxy implementation, it was noticed that the server does not properly respect the resource parameter submitted by the client in the authorization and token request. Instead of issuing the token explicitly for this MCP server, the token is issued for the base_url passed to...
aenvironment (=0.1.7rc1), agent-mcp-server (=0.0.4.0) +301 more potentially affected by CVE-2025-69196 via fastmcp (>=0.1.0 <=2.14.1)
fastmcp PYPI version =0.1.0, =1.0.0, =0.4.6, =1.8.0, =0.1.1, =3.2.0, =3.2.0, =4.2.2, =3.0.2, =0.1.0, =0.2.7, =1.0.0rc1, =0.2.7, =0.3.1 and more Source cves: CVE-2025-69196 Source advisory: OSV:GHSA-5H2M-4Q8J-PQPJ...
FastMCP Security Vulnerability
FastMCP is MCP server-building software developed by Jeremiah Lowin. Versions of FastMCP prior to 2.14.2 contained security vulnerabilities. These vulnerabilities stemmed from servers failing to properly handle resource parameters submitted by clients during authorization and token requests. As...
CVE-2025-69196
creationtimestamp | type | source
---|---|---
2026-03-15 18:01:33+00:00 | published-proof-of-concept | https://github.com/PrefectHQ/fastmcp/security/advisories/GHSA-5h2m-4q8j-pqpj...
@anngdinh/remote-mcp-server-authless (=0.0.0), @aredes.me/mcp-camara (=1.0.6) +140 more potentially affected by unknown CVE via agents (>=0.0.100 <=0.2.35)
agents NPM version =0.0.100, =0.4.0, =1.1.1, =0.1.0, =0.2.0, =0.1.0, =0.0.1, =1.0.2, =1.0.1, =1.0.27 - @famma/mcp-auth =0.0.4 and more Source cves: unknown CVE Source advisory: SNYK:JS-AGENTS-15282793...
FastMCP updated to MCP 1.23+ due to CVE-2025-66416
There was a recent CVE report on MCP: https://nvd.nist.gov/vuln/detail/CVE-2025-66416. FastMCP does not use any of the affected components of the MCP SDK directly. However, FastMCP versions prior to 2.14.0 did allow MCP SDK versions before 1.23, which were vulnerable to CVE-2025-66416. Users should upgrad...
GHSA-RCFX-77HG-W2WV FastMCP updated to MCP 1.23+ due to CVE-2025-66416
There was a recent CVE report on MCP: https://nvd.nist.gov/vuln/detail/CVE-2025-66416. FastMCP does not use any of the affected components of the MCP SDK directly. However, FastMCP versions prior to 2.14.0 did allow MCP SDK versions before 1.23, which were vulnerable to CVE-2025-66416. Users should upgrad...
EUVD-2025-205459
FastMCP updated to MCP 1.23+ due to CVE-2025-66416...
aenvironment (=0.1.7rc1), agentfetch-mcp (>=1.0.0 <=1.0.1) +291 more potentially affected by CVE-2025-66416 via fastmcp (>=0.1.0 <=2.13.3)
fastmcp PYPI version =0.1.0, =1.0.0, =0.4.6, =1.8.0, =0.1.1, =3.2.0, =3.2.0, =4.2.2, =3.0.2, =0.1.0, =0.2.7, =1.0.0rc1, =0.2.7, =1.7.3, =1.8.3 and more Source cves: CVE-2025-66416 Source advisory: OSV:GHSA-RCFX-77HG-W2WV...