CVSS 9.5 | CVE-2025-64340 | CVE-2026-32871

Critical Vulnerabilities in FastMCP: Command Injection and SSRF

FastMCP versions <= 3.1.1 are vulnerable to command injection and SSRF. Patch immediately with 'pip install --upgrade fastmcp' to prevent exploitation. #CVE-2025-64340, #CVE-2026-32871

Published on

Two vulnerabilities have been identified in FastMCP, a Python framework for building Model Context Protocol (MCP) servers and clients. CVE-2025-64340 (command injection) and CVE-2026-32871 (SSRF and path traversal) could allow attackers to execute arbitrary commands on a developer's machine and to reach upstream API endpoints that were never meant to be exposed. Patches are available for both vulnerabilities.

CVE-2025-64340 has a CVSS score of 6.7 (Medium), indicating a moderate risk, while CVE-2026-32871 has a CVSS score of 9.5 (Critical), representing a critical risk of exploitation.

What is FastMCP?

FastMCP is a Python framework for building Model Context Protocol (MCP) servers and clients. MCP is the protocol LLM applications such as Claude Code and the Gemini CLI use to discover and call external tools. FastMCP ships a `fastmcp install` command that registers a server with those clients, and an OpenAPI provider that turns the operations of an existing HTTP API into MCP tools. Because FastMCP sits between LLM agents and the systems they act on, its inputs are frequently attacker-influenced (tool arguments chosen by a model acting on untrusted content), which makes these vulnerabilities particularly concerning. See all fastmcp CVEs for a comprehensive overview of past and present threats.

Command Injection Vulnerability in the FastMCP claude-code and gemini-cli Install Targets

CVSS: 6.7
Affected versions: Windows hosts running FastMCP 3.1.1 or earlier. macOS and Linux systems are not affected, nor are installations using config-file-based targets.

CVSS 6.7 - Medium severity, impacting confidentiality and integrity.

This vulnerability affects approximately 2.8% of systems running FastMCP.

A command injection vulnerability exists when `fastmcp install` registers a server with the `claude-code` or `gemini-cli` targets. On Windows those clients are installed from npm and are invoked through `.cmd` wrapper scripts. When a process launches a `.cmd` or `.bat` file, Windows runs it through cmd.exe, and cmd.exe re-parses the argument string even though FastMCP does not request a shell. Python's subprocess module only quotes arguments that contain whitespace or a double quote, so a server name such as `demo&calc` reaches cmd.exe bare, and cmd.exe treats `&` as a command separator and executes whatever follows it.
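The following is an added example, not FastMCP's code or its actual patch. It shows the bug class described above from the defender's side: `rendered_command_line` exposes the single string that CreateProcess (and therefore cmd.exe, when the target is a batch wrapper) receives, and `build_install_argv` refuses to send cmd.exe-interpretable characters through a `.cmd`/`.bat` wrapper. The argv shape (`<client> mcp add <name> <command>`) and the wrapper path are assumptions used for illustration; nothing is executed, so the example runs on any platform.

```python
"""Guarding subprocess arguments that will be re-parsed by cmd.exe.

Added example, not FastMCP's code or its actual fix. On Windows, launching a
.cmd/.bat wrapper makes CreateProcess run cmd.exe, which re-parses the argument
string even with shell=False. subprocess.list2cmdline() only quotes arguments that
contain whitespace or a double quote, so "demo&calc" reaches cmd.exe bare and "&"
splits the command. The argv shape (<client> mcp add <name> <command>) is an
assumption for illustration only.
"""
import re
import subprocess
from pathlib import PureWindowsPath

# Characters cmd.exe interprets as operators or expansion markers. A double quote is
# included because an embedded quote lets a value break out of list2cmdline quoting
# (cmd.exe does not honour the backslash escape list2cmdline emits).
CMD_METACHARS = re.compile(r'[&|<>^%!"\r\n]')


def is_batch_wrapper(executable: str) -> bool:
    """True when the program that will be launched is a .cmd/.bat script."""
    return PureWindowsPath(executable).suffix.lower() in {".cmd", ".bat"}


def rendered_command_line(argv: list[str]) -> str:
    """The single command-line string CreateProcess receives on Windows; this is
    what cmd.exe re-parses when the target is a batch wrapper."""
    return subprocess.list2cmdline(argv)


def build_install_argv(executable: str, server_name: str, server_command: str) -> list[str]:
    """Assemble the registration argv. If the executable is a batch wrapper, refuse
    any argument cmd.exe could reinterpret instead of trusting list2cmdline quoting."""
    argv = [executable, "mcp", "add", server_name, server_command]
    if is_batch_wrapper(executable):
        for arg in argv[1:]:
            if CMD_METACHARS.search(arg):
                raise ValueError(
                    f"refusing to pass {arg!r} through a cmd.exe wrapper: "
                    "it contains characters cmd.exe would interpret"
                )
    return argv


if __name__ == "__main__":
    # Constructed inputs: a typical npm wrapper path and a malicious server name.
    wrapper = r"C:\Users\dev\AppData\Roaming\npm\claude.cmd"
    print(rendered_command_line([wrapper, "mcp", "add", "demo&calc", "python server.py"]))
    try:
        build_install_argv(wrapper, "demo&calc", "python server.py")
    except ValueError as exc:
        print("blocked:", exc)
```

Note that the name `demo&calc` is not quoted at all in the rendered command line, while `python server.py` is, which is exactly why the advisory's `&` example works. Rejecting metacharacters is a stopgap; the more robust fix is to bypass the wrapper entirely and invoke the underlying interpreter (for an npm package, `node` with the script path) so cmd.exe never parses the arguments.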

How to fix CVE-2025-64340 in FastMCP

Patch immediately
  1. Update FastMCP to version 3.2.0 or later.

Update FastMCP:
pip install --upgrade fastmcp

Verify with:
pip show fastmcp

and confirm the reported Version is 3.2.0 or later.

Workaround: none published. The vulnerable path is only reached on Windows with the `claude-code` or `gemini-cli` install targets, so until you can upgrade, use a config-file-based target or only register servers whose names consist of letters, digits, hyphens and underscores.

NextGuard automatically flags CVE-2025-64340 if FastMCP appears in any of your monitored projects — no manual lookup required.

SSRF & Path Traversal Vulnerability in FastMCP OpenAPI Provider

CVSS: 9.5
Affected versions: FastMCP 3.1.1 or earlier. This vulnerability impacts the OpenAPIProvider component.

CVSS 9.5 - Critical severity, allowing for unauthorized access and potential data exfiltration.

This vulnerability affects approximately 26.8% of systems running FastMCP.

The FastMCP OpenAPI provider builds upstream request URLs by substituting path parameters from the OpenAPI specification directly into the path template without percent-encoding them. A parameter value containing `/`, `../`, `?` or `#` therefore changes the structure of the request rather than filling a single segment: `../` climbs out of the operation's path (path traversal), and `?` or `#` appends a query or discards the remainder of the template. Because the value comes from whoever calls the tool, typically an LLM acting on untrusted input, an attacker can steer the server into requesting endpoints of the upstream API that the specification never exposed, including internal ones, and read the response (SSRF).
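The following is an added example, not FastMCP's code or its actual patch. `build_url_unsafe` mirrors the flaw just described (raw string substitution into the template), and `build_url_safe` shows the hardened form: each value is percent-encoded as a single path segment and the assembled URL is then checked against the operation's static path and for injected query or fragment components. `BASE_URL`, the template and the parameter values are constructed for illustration.

```python
"""Path-parameter substitution into an OpenAPI path template: the flaw and a fix.

Added example, not FastMCP's code or its actual fix. build_url_unsafe() mirrors
the behaviour described above; build_url_safe() encodes each value as one path
segment and verifies the result. BASE_URL and the template are hypothetical.
"""
import posixpath
from urllib.parse import quote, urlsplit

BASE_URL = "https://api.internal.example/v1"   # hypothetical upstream API


def build_url_unsafe(template: str, params: dict[str, object]) -> str:
    """Vulnerable form: the raw value becomes part of the URL's structure."""
    path = template
    for name, value in params.items():
        path = path.replace("{" + name + "}", str(value))
    return BASE_URL + path


def resolved_path(url: str) -> str:
    """The path an upstream server will act on after collapsing dot segments."""
    return posixpath.normpath(urlsplit(url).path)


def stays_under_base(url: str, template: str) -> bool:
    """Does the URL still target the operation's own path, with no extra query or
    fragment? The static prefix is everything in the template before the first '{'."""
    static_prefix = (urlsplit(BASE_URL).path + template.split("{", 1)[0]).rstrip("/") + "/"
    parts = urlsplit(url)
    return (
        (resolved_path(url) + "/").startswith(static_prefix)
        and parts.query == ""
        and parts.fragment == ""
    )


def build_url_safe(template: str, params: dict[str, object]) -> str:
    """Hardened form: each value is encoded as exactly one path segment (safe=""
    also encodes '/'), and the result is re-checked against the template as
    defence in depth."""
    path = template
    for name, value in params.items():
        path = path.replace("{" + name + "}", quote(str(value), safe=""))
    url = BASE_URL + path
    if not stays_under_base(url, template):
        raise ValueError("path parameter escaped the operation's path")
    return url


if __name__ == "__main__":
    template = "/users/{id}"
    # Constructed tool inputs: a benign id, a traversal payload, a query injection.
    for value in ("42", "../admin/users", "42?admin=true"):
        unsafe = build_url_unsafe(template, {"id": value})
        safe = build_url_safe(template, {"id": value})
        print(f"{value!r}: unsafe -> {resolved_path(unsafe)}  safe -> {safe}")
```

With the traversal payload the unsafe URL resolves to `/v1/admin/users`, an operation the spec never listed, while the hardened URL keeps `..%2Fadmin%2Fusers` as one segment under `/v1/users/`. Encoding alone fixes the bug; the `stays_under_base` check is there so that any future substitution path that forgets to encode fails closed rather than silently widening the reachable API surface.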

How to fix CVE-2026-32871 in FastMCP

Patch immediately
  1. Update FastMCP to version 3.2.0 or later.

Update FastMCP:
pip install --upgrade fastmcp

Verify with:
pip show fastmcp

and confirm the reported Version is 3.2.0 or later.

Workaround: None

NextGuard automatically flags CVE-2026-32871 if FastMCP appears in any of your monitored projects — no manual lookup required.

Stay ahead of Python vulnerabilities

Proactively identify and address security risks in your Python projects. Regular vulnerability scanning and dependency updates are essential for maintaining a secure development environment. Monitor your Python dependencies to ensure you're always protected.



The vulnerabilities in FastMCP highlight the importance of secure coding practices and regular dependency updates. By promptly applying the available patches, you can significantly reduce your risk of exploitation. See all Python vulnerabilities to stay informed about emerging threats.

Related topics

command injection, SSRF, path traversal, python security, fastmcp