Platform: python
Component: fastmcp
Fixed in: 3.2.0, 3.2.1
CVE-2026-32871 is a critical Path Traversal vulnerability affecting FastMCP versions up to and including 3.1.1. When FastMCP turns an OpenAPI specification into MCP tools, path parameters supplied by the MCP client are substituted into the upstream request URL without URL encoding, so an attacker who controls a parameter value can steer the request to paths on the backend API that the tool was never meant to reach, potentially exposing sensitive files or endpoints behind the server. The vulnerability resides in the buildurl() method of the RequestDirector class. A fix is available in version 3.2.0.
The root cause is FastMCP's handling of path parameters from OpenAPI specifications: buildurl() fails to percent-encode the parameter values before building the HTTP request. A value such as ../ therefore lands in the URL verbatim, and the upstream server resolves the dot segments, moving the request outside the path the OpenAPI operation was intended to address. Because every reserved character passes through unencoded, the same defect also lets query or other URL syntax be injected, which is why the fix is described as covering both SSRF and path traversal. Successful exploitation could lead to unauthorized access to configuration files, source code, or other sensitive data reachable through the upstream API. The impact is particularly severe given FastMCP's role in exposing internal APIs to MCP clients, potentially granting attackers a foothold into the broader system.
CVE-2026-32871 was publicly disclosed on 2026-03-31. Its CVSS base score of 10.0 (CRITICAL) describes severity, not likelihood of exploitation; the EPSS estimate listed below puts the current probability of exploitation low. No public proof-of-concept (PoC) code has been released as of this writing, but the ease of exploitation due to the lack of URL encoding makes it a likely target for attackers. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS: 0.35% (58th percentile)
The primary mitigation is to upgrade FastMCP to version 3.2.0 or later, which contains the fix for this vulnerability. If upgrading immediately is not feasible, apply temporary workarounds. Enforce strict allowlist validation on every path parameter received from MCP clients, rejecting values that contain a slash, a dot-segment such as .. or ../, or any other URL-reserved character, in raw or percent-encoded form. A Web Application Firewall (WAF) can block requests carrying traversal patterns, but note that the attacker's value arrives inside the MCP tool-call payload and is only assembled into a URL by FastMCP, so the WAF must inspect the MCP request body or the outgoing upstream request, not just the inbound URL. Monitor FastMCP and upstream API logs for requests whose path contains dot segments or unexpected percent-encoded characters. After upgrading, confirm the fix by calling a tool with a path parameter set to a traversal sequence such as ../; the URL sent upstream should carry the value percent-encoded as a single path segment (for example ..%2F) rather than resolving to a parent path.
Update the FastMCP library to version 3.2.0 or higher. This version fixes the SSRF and Path Traversal vulnerability. The update can be performed using the pip package manager: `pip install --upgrade fastmcp`.
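The following is an added illustration of the defect described above and of the validation and log checks suggested as workarounds. It is a simplified re-creation written for this page, not FastMCP's RequestDirector or buildurl() code; the base URL, the path template and the attacker payloads are constructed for the demonstration, and the allowlist regex is an assumption to be tightened to the real API's identifier format.

```python
"""Added example for CVE-2026-32871: a path parameter substituted into an OpenAPI
path template without percent-encoding. Not FastMCP's own code; BASE_URL, the
template and the payloads below are constructed for illustration."""
import posixpath
import re
from urllib.parse import quote, unquote, urlsplit

BASE_URL = "https://api.internal"  # hypothetical upstream API behind the MCP server


def build_url_vulnerable(base_url: str, path_template: str, path_params: dict) -> str:
    """Naive substitution: the value lands in the URL verbatim, so "/" and ".."
    inside it are interpreted as path syntax by the upstream server."""
    path = path_template
    for name, value in path_params.items():
        path = path.replace("{" + name + "}", str(value))
    return base_url.rstrip("/") + path


def build_url_fixed(base_url: str, path_template: str, path_params: dict) -> str:
    """Percent-encode every value with safe="" so it stays one path segment:
    "/" becomes %2F, "?" becomes %3F, and ".." can no longer act as a dot segment."""
    path = path_template
    for name, value in path_params.items():
        path = path.replace("{" + name + "}", quote(str(value), safe=""))
    return base_url.rstrip("/") + path


def effective_target(url: str) -> tuple[str, str]:
    """(path, query) as an RFC 3986 server sees them after dot-segment removal."""
    parts = urlsplit(url)
    return posixpath.normpath(parts.path), parts.query


# Workaround for unpatched deployments: allowlist path parameters before use.
# Assumption: this API's identifiers are [A-Za-z0-9_-]; adjust to the real spec.
PATH_PARAM_RE = re.compile(r"[A-Za-z0-9_-]+")


def validate_path_param(value: str) -> bool:
    """True only if the value is a plain identifier with no URL syntax in it."""
    return PATH_PARAM_RE.fullmatch(value) is not None


def looks_like_traversal(logged_url: str) -> bool:
    """Log check: flag a dot segment in the path, raw or (double-)percent-encoded."""
    path = unquote(unquote(urlsplit(logged_url).path))
    segments = path.replace("\\", "/").split("/")
    return ".." in segments


def demo() -> dict:
    """Run both builders on two constructed attacker payloads and collect results."""
    template = "/files/{name}"
    payloads = {
        "traversal": "../../etc/app-config",  # escapes the /files/ prefix
        "query": "report?admin=1",            # injects a query string
    }
    out = {}
    for label, payload in payloads.items():
        bad = build_url_vulnerable(BASE_URL, template, {"name": payload})
        good = build_url_fixed(BASE_URL, template, {"name": payload})
        out[label] = {
            "vulnerable_url": bad,
            "vulnerable_target": effective_target(bad),
            "fixed_url": good,
            "fixed_target": effective_target(good),
            "passes_allowlist": validate_path_param(payload),
            "flagged_in_logs": looks_like_traversal(bad),
        }
    return out


if __name__ == "__main__":
    for label, result in demo().items():
        print(label)
        for key, value in result.items():
            print(f"  {key}: {value}")
```

The vulnerable builder sends the traversal payload as /files/../../etc/app-config, which the upstream server collapses to /etc/app-config; the fixed builder sends /files/..%2F..%2Fetc%2Fapp-config, a single literal segment under /files/. The query payload shows the SSRF-style variant: unencoded, the ? terminates the path and smuggles admin=1 into the query string. Both payloads fail the allowlist, and the traversal one is caught by the log check even if it arrives percent-encoded.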
CVE-2026-32871 is a critical vulnerability in FastMCP versions up to and including 3.1.1 that lets attackers reach paths on the upstream API outside the one an OpenAPI-derived tool was meant to call, by supplying unencoded traversal sequences in path parameters.
You are affected if you are using FastMCP versions 3.1.1 or earlier. Upgrade to 3.2.0 or later to mitigate the risk.
Upgrade FastMCP to version 3.2.0 or later. As a temporary workaround, implement strict input validation and consider using a WAF.
While no public exploits are currently known, the vulnerability's severity and ease of exploitation suggest it is a potential target for attackers.
Refer to the FastMCP project's official website or GitHub repository for the latest security advisories and release notes.