Fastmcp
This hub aggregates every CVE we track for Fastmcp, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
6
CVEs tracked
1
Critical
1
High
0
In CISA KEV
Severity distribution
MEDIUM4HIGH1CRITICAL1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2
0
0
0
0
1
3
0
0
2024-072026-06
Latest CVEs
The 6 most recently published vulnerabilities affecting Fastmcp.
- CVE-2026-27124FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities6.1
- CVE-2025-64340FastMCP has a Command Injection vulnerability - Gemini CLI6.7
- CVE-2026-32871FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability10.0
- CVE-2025-69196FastMCP OAuth Proxy token reuse across MCP servers6.5
- CVE-2025-62801FastMCP vulnerable to windows command injection in FastMCP Cursor installer via server_name7.8
- CVE-2025-62800FastMCP vulnerable to reflected XSS in client's callback page6.1
Product normalization is registry-driven with AI assist and human review. How it works