fastmcp 2.14.6

Direct Vulnerabilities

Known vulnerabilities in the fastmcp package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Unintended Proxy or Intermediary ('Confused Deputy') fastmcp is a The fast, Pythonic way to build MCP servers and clients. Affected versions of this package are vulnerable to Unintended Proxy or Intermediary ('Confused Deputy') in the `OAuthProxy._handle_idp_callback` function. An attacker can gain unauthorized access to resources associated with another user's account by luring a victim to visit a crafted authorization URL, allowing the attacker to obtain a valid authorization code and access token for the victim's account. How to fix Unintended Proxy or Intermediary ('Confused Deputy')? Upgrade `fastmcp` to version 3.2.0 or higher.	[,3.2.0)
M Command Injection fastmcp is a The fast, Pythonic way to build MCP servers and clients. Affected versions of this package are vulnerable to Command Injection via the subprocess-backed install commands. An attacker can execute arbitrary commands with the privileges of the user running the process by supplying a server name containing shell metacharacters, which are interpreted by the Windows command shell when invoking certain CLI wrappers. Note: This is only exploitable if the target CLI is installed as a `.cmd` wrapper on a Windows host. How to fix Command Injection? Upgrade `fastmcp` to version 3.2.0 or higher.	[,3.2.0)
C Server-side Request Forgery (SSRF) fastmcp is a The fast, Pythonic way to build MCP servers and clients. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the `_build_url` function. An attacker can access unauthorized internal backend endpoints and perform actions with elevated privileges by supplying crafted path parameter values containing traversal sequences such as `../`, which are not properly URL-encoded and are resolved by the backend. This allows the attacker to bypass intended API restrictions and interact with sensitive endpoints using the provider's authentication context. Note: This is only exploitable if the attacker is an authorized client of the MCP server to trigger the OpenAPI operation. How to fix Server-side Request Forgery (SSRF)? Upgrade `fastmcp` to version 3.2.0 or higher.	[,3.2.0)

Vulnerability

Vulnerable Version

Unintended Proxy or Intermediary ('Confused Deputy')

fastmcp is a The fast, Pythonic way to build MCP servers and clients.

Affected versions of this package are vulnerable to Unintended Proxy or Intermediary ('Confused Deputy') in the OAuthProxy._handle_idp_callback function. An attacker can gain unauthorized access to resources associated with another user's account by luring a victim to visit a crafted authorization URL, allowing the attacker to obtain a valid authorization code and access token for the victim's account.

How to fix Unintended Proxy or Intermediary ('Confused Deputy')?

Upgrade fastmcp to version 3.2.0 or higher.

[,3.2.0)

Command Injection

fastmcp is a The fast, Pythonic way to build MCP servers and clients.

Affected versions of this package are vulnerable to Command Injection via the subprocess-backed install commands. An attacker can execute arbitrary commands with the privileges of the user running the process by supplying a server name containing shell metacharacters, which are interpreted by the Windows command shell when invoking certain CLI wrappers.

Note:

This is only exploitable if the target CLI is installed as a .cmd wrapper on a Windows host.

How to fix Command Injection?

Upgrade fastmcp to version 3.2.0 or higher.

[,3.2.0)

Server-side Request Forgery (SSRF)

fastmcp is a The fast, Pythonic way to build MCP servers and clients.

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the _build_url function. An attacker can access unauthorized internal backend endpoints and perform actions with elevated privileges by supplying crafted path parameter values containing traversal sequences such as ../, which are not properly URL-encoded and are resolved by the backend. This allows the attacker to bypass intended API restrictions and interact with sensitive endpoints using the provider's authentication context.

Note:

This is only exploitable if the attacker is an authorized client of the MCP server to trigger the OpenAPI operation.

How to fix Server-side Request Forgery (SSRF)?

Upgrade fastmcp to version 3.2.0 or higher.

[,3.2.0)

fastmcp@2.14.6

The fast, Pythonic way to build MCP servers and clients.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically