PatchSiren cyber security CVE debrief
CVE-2026-32871 PrefectHQ CVE debrief
CVE-2026-32871 is a critical vulnerability in the OpenAPIProvider of FastMCP, a Pythonic way to build MCP servers and clients. The vulnerability arises from the _build_url() method in the RequestDirector class, which fails to URL-encode path parameters when constructing HTTP requests to the backend service. This oversight enables attackers to perform path traversal attacks by manipulating path parameters, potentially leading to authenticated Server-Side Request Forgery (SSRF) attacks. The issue has been patched in version 3.2.0 of FastMCP.
- Vendor: PrefectHQ
- Product: fastmcp
- CVSS: CRITICAL 10
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-02
- Original CVE updated: 2026-06-30
- Advisory published: 2026-04-02
- Advisory updated: 2026-06-30
Who should care
Anyone running FastMCP, and especially anyone who has not yet upgraded to version 3.2.0, should treat this as actionable. The critical severity (CVSS score of 10) reflects a vulnerability that is easy to exploit and has a high impact on confidentiality, integrity, and availability. Security teams responsible for MCP servers and clients built with FastMCP should prioritize patching and monitoring for exploitation attempts.
Technical summary
The OpenAPIProvider in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The RequestDirector class constructs HTTP requests to the backend service. A vulnerability exists in the _build_url() method, where path parameters are directly substituted into the URL template string without URL-encoding. This allows attackers to perform path traversal attacks, potentially leading to authenticated SSRF. The vulnerability is characterized by the following CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. The weakness associated with this vulnerability is CWE-918.
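To make the mechanism concrete, the following added example (not FastMCP's code; the function names, the backend base URL and the sample parameter values are all constructed for illustration) places a naive path-template substitution next to the hardened form, and adds a regression check a defender can run against a URL builder. The weak builder drops the parameter into the template verbatim, so a value containing `/` or `..` becomes path structure in the request sent to the backend, with the backend credentials attached. The hardened builder percent-encodes each parameter as a single path segment (`quote(..., safe="")` encodes `/` as well), so the value can never add or remove a segment. `resolves_under()` normalises dot segments the way a server would and confirms the resulting path still sits under the intended base.

```python
import posixpath
import re
from urllib.parse import quote, urlsplit

# Constructed backend base URL for the illustration (not from the advisory).
BASE_URL = "http://backend.internal/api/v1"

# OpenAPI-style placeholders such as {user_id}.
_PLACEHOLDER = re.compile(r"\{(\w+)\}")


def _join(base: str, path: str) -> str:
    """Join a base URL and a rendered path with exactly one slash between them."""
    return base.rstrip("/") + "/" + path.lstrip("/")


def build_url_unencoded(base: str, template: str, params: dict) -> str:
    """The weak pattern the advisory describes: raw substitution of each path
    parameter. A value containing '/' or '..' becomes structure in the path."""
    def sub(match: re.Match) -> str:
        return str(params[match.group(1)])

    return _join(base, _PLACEHOLDER.sub(sub, template))


def build_url_encoded(base: str, template: str, params: dict) -> str:
    """The hardened pattern: every parameter is percent-encoded as one path
    segment. safe='' makes quote() encode '/' too, so the value cannot escape
    the segment the template reserved for it."""
    def sub(match: re.Match) -> str:
        name = match.group(1)
        if name not in params:
            raise KeyError(f"missing path parameter {name!r}")
        return quote(str(params[name]), safe="")

    return _join(base, _PLACEHOLDER.sub(sub, template))


def resolves_under(base: str, url: str) -> bool:
    """Defensive check: after dot-segment normalisation (what the backend will
    do), does the request path still lie under the base path on the same host?"""
    b, u = urlsplit(base), urlsplit(url)
    if b.netloc != u.netloc:
        return False
    base_path = posixpath.normpath(b.path or "/")
    url_path = posixpath.normpath(u.path or "/")
    return url_path == base_path or url_path.startswith(base_path.rstrip("/") + "/")


if __name__ == "__main__":
    template = "/users/{user_id}"
    # Constructed sample value that tries to walk out of the /users/ segment.
    params = {"user_id": "../../admin"}
    for builder in (build_url_unencoded, build_url_encoded):
        url = builder(BASE_URL, template, params)
        print(f"{builder.__name__:22} {url}  under base: {resolves_under(BASE_URL, url)}")
```

The check is the piece worth keeping beyond this example: any URL builder that takes externally controlled path parameters can be unit-tested by asserting that `resolves_under()` holds for every rendered URL, which fails loudly if someone later reintroduces an unencoded substitution.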
Defensive priority
High. Immediate patching to version 3.2.0 or later is recommended. In the meantime, defenders should monitor for suspicious activity and implement compensating controls to mitigate the risk of exploitation.
Recommended defensive actions
- Upgrade FastMCP to version 3.2.0 or later.
- Monitor for suspicious activity and potential exploitation attempts.
- Implement compensating controls to mitigate the risk of SSRF attacks.
- Review and update MCP server and client configurations to ensure secure usage.
- Conduct regular security audits and vulnerability assessments.
Evidence notes
The CVE-2026-32871 vulnerability was publicly disclosed on April 2, 2026, and has since been modified on June 30, 2026. The vulnerability affects FastMCP versions prior to 3.2.0. The CVSS score of 10 indicates a critical severity level. The weakness associated with this vulnerability is CWE-918.
Official resources
- CVE-2026-32871 CVE record (CVE.org)
- CVE-2026-32871 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Patch
- Mitigation or vendor reference: [email protected] - Issue Tracking, Patch
- Mitigation or vendor reference: [email protected] - Product, Release Notes
- Mitigation or vendor reference: [email protected] - Exploit, Mitigation, Vendor Advisory
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.