Every CVE whose affected-product data names Jlowin Fastmcp, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2026-32871 — CVSS 10.0 (critical): FastMCP is a Pythonic way to build MCP servers and clients. Prior to version 3.2.0, the OpenAPIProvider in FastMCP exposes internal APIs to…
CVE-2025-62801 — CVSS 7.8 (high): FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0, a command-injection vulnerability lets any…
CVE-2025-64340 — CVSS 6.7 (medium): FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, server names containing shell metacharacters…
CVE-2025-69196 — CVSS 6.5 (medium): FastMCP is the standard framework for building MCP applications. Prior to version 2.14.2, the server does not properly respect the resource…
CVE-2025-62800 — CVSS 6.1 (medium): FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0 have a reflected cross-site scripting…
CVE-2026-27124 — CVSS 6.1 (medium): FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, while testing the GitHubProvider OAuth…