Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

fastmcp — Vulnerabilities & Security Advisories 6

All 6 CVE vulnerabilities found in fastmcp, with AI-generated Chinese analysis, references, and POCs.

Vendor: jlowin

CVE IDTitleCVSSSeverityPublished
CVE-2026-27124 FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities CWE-441 9.1AICriticalAI2026-04-03
CVE-2025-64340 FastMCP has a Command Injection vulnerability - Gemini CLI CWE-78 6.7 Medium2026-04-03
CVE-2026-32871 FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability CWE-918 9.1AICriticalAI2026-04-02
CVE-2025-69196 FastMCP OAuth Proxy token reuse across MCP servers CWE-863 5.3AIMediumAI2026-03-16
CVE-2025-62801 FastMCP vulnerable to windows command injection in FastMCP Cursor installer via server_name CWE-78 9.8AICriticalAI2025-10-28
CVE-2025-62800 FastMCP vulnerable to reflected XSS in client's callback page CWE-79 6.1AIMediumAI2025-10-28

All 6 known CVE vulnerabilities affecting fastmcp with full Chinese analysis, references, and POCs where available.