HIGH
jlowin
CVE published 2026-03-16
CVE-2025-69196
CVE-2025-69196 is a high-severity vulnerability in FastMCP, a framework for building MCP applications. The issue allows an attacker to obtain a token for an MCP server by exploiting the improper handling of the resource parameter in authorization and token requests. This vulnerability has been patched in version 2.14.2. The CVSS score for this vulnerability is 7.4, indicating a high level of severity. The [truncated]