CVE-2025-69196 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

FastMCP is the standard framework for building MCP applications. Prior to version 2.14.2, the server does not properly respect the resource parameter submitted…
High CVSS: 7.4

CVE-2025-69196

FastMCP is the standard framework for building MCP applications. Prior to version 2.14.2, the server does not properly respect the resource parameter submitted by the client in the authorization and token request. Instead of issuing the token explicitly for the MCP server, the token is issued for the base_url passed to the OAuthProxy during initialization. This issue has been patched 2.14.2.
Vendor
Jlowin
Product
Fastmcp
CWE
CWE-863
Yayın Tarihi
2026-03-16 19:16:14
Güncelleme
2026-03-18 15:11:04
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-863 Fastmcp HIGH Jlowin 2026

Referanslar

https://github.com/PrefectHQ/fastmcp/security/advisories/GHSA-5h2m-4q8j-pqpj