PatchSiren

CVE-2026-32871 PrefectHQ CVE debrief

CVE-2026-32871 is a critical vulnerability in the OpenAPIProvider of FastMCP, a Pythonic framework for building MCP servers and clients. The flaw is in the _build_url() method of the RequestDirector class, which fails to URL-encode path parameters when constructing HTTP requests to the backend service. An attacker who controls a path parameter can therefore alter the path of the request the server sends to its backend (path traversal), which can be leveraged into authenticated Server-Side Request Forgery (SSRF). The issue is fixed in FastMCP version 3.2.0.

Vendor: PrefectHQ
Product: fastmcp
CVSS: CRITICAL 10
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-02
Original CVE updated: 2026-06-30
Advisory published: 2026-04-02
Advisory updated: 2026-06-30

Who should care

Anyone running FastMCP, and in particular anyone still on a version before 3.2.0, should be aware of this vulnerability. Its critical severity (CVSS score of 10) reflects a flaw that is easy to exploit and has high impact on confidentiality, integrity, and availability. Security teams responsible for MCP servers and clients built with FastMCP should prioritize patching and monitor for exploitation attempts.

Technical summary

The OpenAPIProvider in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The RequestDirector class constructs the HTTP requests sent to the backend service. In its _build_url() method, path parameter values are substituted directly into the URL template string without URL-encoding, so a value containing path separators or dot-segments is not confined to the single path segment the template reserved for it and can change which backend endpoint the request reaches. Because the server issues that request with its own credentials, the result is authenticated SSRF. The vulnerability is characterized by the following CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. The associated weakness is CWE-918.
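As an added illustration (constructed for this debrief, not FastMCP's own code), the following contrasts the flawed substitution pattern described above with the percent-encoded form, and adds a check a defender can apply to outbound URLs before they are sent or when reviewing request logs. The base URL, the template, and the helper names are assumptions.

```python
import posixpath
from urllib.parse import quote, urlsplit

# Constructed backend base URL; not taken from FastMCP or the advisory.
BASE_URL = "https://api.internal.example/v1/"


def _substitute(template: str, params: dict[str, str], encode) -> str:
    """Fill an OpenAPI-style path template such as /users/{id}."""
    path = template
    for name, value in params.items():
        path = path.replace("{" + name + "}", encode(value))
    return BASE_URL.rstrip("/") + path


def build_url_unsafe(template: str, params: dict[str, str]) -> str:
    """The flawed pattern: raw values go straight into the template, so a
    value containing '/', '..', '?' or '#' rewrites the request URL."""
    return _substitute(template, params, lambda v: v)


def build_url_safe(template: str, params: dict[str, str]) -> str:
    """The fix: percent-encode every value with safe="" so it can only
    occupy the single path segment the template reserved for it."""
    return _substitute(template, params, lambda v: quote(v, safe=""))


def leaves_template(template: str, url: str, base: str = BASE_URL) -> bool:
    """Defensive check: True if the final URL escapes the template's fixed
    prefix after dot-segment normalisation, or smuggles in a query/fragment."""
    parts = urlsplit(url)
    if parts.query or parts.fragment:  # a path template never carries these
        return True
    fixed_prefix = template.split("{", 1)[0]                   # "/users/"
    expected = urlsplit(base).path.rstrip("/") + fixed_prefix  # "/v1/users/"
    actual = posixpath.normpath(parts.path)                    # resolves ".."
    return not (actual + "/").startswith(expected)


if __name__ == "__main__":
    template = "/users/{id}"
    for value in ("42", "../../admin", "42?admin=true"):
        for builder in (build_url_unsafe, build_url_safe):
            url = builder(template, {"id": value})
            flag = "ESCAPES" if leaves_template(template, url) else "ok"
            print(f"{builder.__name__:18} {value!r:16} -> {url}  [{flag}]")
```

The check only flags requests that resolve outside the template's fixed prefix or carry an injected query or fragment; a value that selects a different resource under the same prefix is an authorization question, not an encoding one.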

Defensive priority

High. Upgrade to version 3.2.0 or later immediately. Until the upgrade is complete, defenders should monitor for suspicious activity and apply compensating controls to reduce the risk of exploitation.

Recommended defensive actions

  • Upgrade FastMCP to version 3.2.0 or later.
  • Monitor for suspicious activity and potential exploitation attempts.
  • Implement compensating controls to mitigate the risk of SSRF attacks.
  • Review and update MCP server and client configurations to ensure secure usage.
  • Conduct regular security audits and vulnerability assessments.

Evidence notes

CVE-2026-32871 was publicly disclosed on April 2, 2026, and the record was last updated on June 30, 2026. The vulnerability affects FastMCP versions prior to 3.2.0. The CVSS score of 10 corresponds to critical severity. The associated weakness is CWE-918.

Official resources

This article is AI-assisted and based on the supplied source corpus.