CVE-2026-32871

Source
https://cve.org/CVERecord?id=CVE-2026-32871
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32871.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-32871
Aliases
Downstream
Published
2026-04-02T14:52:39.978Z
Modified
2026-07-10T03:54:52.077284484Z
Severity
  • 10.0 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVSS Calculator
Summary
FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability
Details

FastMCP is a Pythonic way to build MCP servers and clients. Prior to version 3.2.0, the OpenAPIProvider in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The RequestDirector class is responsible for constructing HTTP requests to the backend service. A vulnerability exists in the buildurl() method. When an OpenAPI operation defines path parameters (e.g., /api/v1/users/{user_id}), the system directly substitutes parameter values into the URL template string without URL-encoding. Subsequently, urllib.parse.urljoin() resolves the final URL. Since urljoin() interprets ../ sequences as directory traversal, an attacker controlling a path parameter can perform path traversal attacks to escape the intended API prefix and access arbitrary backend endpoints. This results in authenticated SSRF, as requests are sent with the authorization headers configured in the MCP provider. This issue has been patched in version 3.2.0.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32871.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-918"
    ]
}
References

Affected packages

Git / github.com/prefecthq/fastmcp

Affected ranges

Type
GIT
Repo
https://github.com/prefecthq/fastmcp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:jlowin:fastmcp:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.2.0"
        }
    ]
}

Affected versions

v0.*
v0.1.0
v0.2.0
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.4.0
v0.4.1
v1.*
v1.0
v2.*
v2.0.0
v2.1.0
v2.1.1
v2.1.2
v2.10.0
v2.10.1
v2.10.2
v2.10.3
v2.10.4
v2.10.5
v2.10.6
v2.11.0
v2.11.1
v2.11.2
v2.11.3
v2.12.0
v2.12.0rc1
v2.12.1
v2.12.2
v2.12.3
v2.12.4
v2.13.0
v2.13.0.1
v2.13.0rc1
v2.13.0rc2
v2.13.0rc3
v2.13.1
v2.13.2
v2.14.0
v2.14.1
v2.2.0
v2.2.1
v2.2.10
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.2.7
v2.2.8
v2.2.9
v2.3.0
v2.3.0-rc.1
v2.3.0-rc.2
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.4.0
v2.5.0
v2.5.1
v2.5.2
v2.6.0
v2.6.1
v2.7.0
v2.7.1
v2.8.0
v2.8.1
v2.9.0
v2.9.1
v2.9.2
v3.*
v3.0.0
v3.0.0b1
v3.0.0b2
v3.0.0rc1
v3.0.0rc2
v3.0.0rc3
v3.0.1
v3.0.2
v3.1.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32871.json"