PatchSiren

jlowin CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH jlowin CVE published 2026-03-16

CVE-2025-69196

CVE-2025-69196 is a high-severity vulnerability in FastMCP, a framework for building MCP applications. Improper handling of the resource parameter in authorization and token requests allows an attacker to obtain a token for an MCP server. The vulnerability has been patched in version 2.14.2. Its CVSS score is 7.4, indicating a high level of severity. The [truncated]