5 matches found
GHSA-RJ5C-58RQ-J5G5 FastMCP vulnerable to windows command injection in FastMCP Cursor installer via server_name
Summary A command-injection vulnerability lets any attacker who can influence the servername field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor Details 1. generatecursordeeplinkservername, … embeds servername verbatim in a cursor://…?name= query string...
FastMCP vulnerable to windows command injection in FastMCP Cursor installer via server_name
Summary A command-injection vulnerability lets any attacker who can influence the servername field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor Details 1. generatecursordeeplinkservername, … embeds servername verbatim in a cursor://…?name= query string...
CVE-2025-62801 FastMCP vulnerable to windows command injection in FastMCP Cursor installer via server_name
FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0, a command-injection vulnerability lets any attacker who can influence the servername field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor. This vulnerability is fix...
CVE-2025-62801 FastMCP vulnerable to windows command injection in FastMCP Cursor installer via server_name
FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0, a command-injection vulnerability lets any attacker who can influence the servername field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor. This vulnerability is fix...
CVE-2025-62801 FastMCP vulnerable to windows command injection in FastMCP Cursor installer via server_name
FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0, a command-injection vulnerability lets any attacker who can influence the servername field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor. This vulnerability is fix...