pkg:PyPI/fastmcp

6 total CVEsCRITICAL1MEDIUM1

✅ Check your installed version

All known vulnerabilities

  • CRITICAL10.0CVE-2026-32871FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability
    from 0, < 3.2.0
  • MEDIUM6.7CVE-2025-64340FastMCP has a Command Injection vulnerability - Gemini CLI
    from 0, < 3.2.0
  • CVE-2026-27124FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities
    from 0, < 3.2.0
  • CVE-2025-69196FastMCP OAuth Proxy token reuse across MCP servers
    from 0, < 2.14.2
  • CVE-2025-62801FastMCP vulnerable to windows command injection in FastMCP Cursor installer via server_name
    from 0, < 2.13.0
  • CVE-2025-62800FastMCP vulnerable to reflected XSS in client's callback page
    from 0, < 2.13.0