Description
FastMCP is the standard framework for building MCP applications. Prior to version 2.14.2, the server does not properly respect the resource parameter submitted by the client in the authorization and token request. Instead of issuing the token explicitly for the MCP server, the token is issued for the base_url passed to the OAuthProxy during initialization. This issue has been patched 2.14.2.
Published: 2026-03-16
Score: 7.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Token misuse across MCP servers
Action: Patch Immediately
AI Analysis

Impact

FastMCP is a framework for building MCP applications. The vulnerability lies in the OAuthProxy initialization, where the authorization and token requests ignore the resource parameter supplied by the client. As a result, tokens issued are tied to the base_url rather than the intended MCP server, allowing tokens issued for one server to be reused against another. This can enable an adversary to access resources or perform actions on other MCP servers without proper authorization. The weakness corresponds to CWE-1220 (Improper Authorization) and CWE-863 (Missing Authorization Check).

Affected Systems

Affected vendor: jlowin:fastmcp. All releases prior to 2.14.2 are impacted. The issue is fixed in FastMCP 2.14.2 and later. The relevant CPE is cpe:2.3:a:jlowin:fastmcp:*:*:*:*:*:*:*:*.

Risk and Exploitability

The CVSS score of 7.4 indicates high severity, while an EPSS of less than 1% suggests exploitation is currently rare. The vulnerability is not listed in the KEV catalog. An attacker likely needs network access to a client that can request tokens and supply fabricated resource parameters; no privileged access is required, making it relatively simple if such access is available. The impact of unauthorized cross‑server access is significant, resulting in a high overall risk.

Generated by OpenCVE AI on March 18, 2026 at 16:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to FastMCP 2.14.2 or later

Generated by OpenCVE AI on March 18, 2026 at 16:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-5h2m-4q8j-pqpj FastMCP OAuth Proxy token reuse across MCP servers
History

Wed, 18 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:jlowin:fastmcp:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N'}

 cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

Wed, 18 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1220
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N'}

threat_severity

Important

Tue, 17 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Jlowin
Jlowin fastmcp
Vendors & Products Jlowin
Jlowin fastmcp

Mon, 16 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 18:45:00 +0000

Type Values Removed Values Added
Description FastMCP is the standard framework for building MCP applications. Prior to version 2.14.2, the server does not properly respect the resource parameter submitted by the client in the authorization and token request. Instead of issuing the token explicitly for the MCP server, the token is issued for the base_url passed to the OAuthProxy during initialization. This issue has been patched 2.14.2.
Title FastMCP OAuth Proxy token reuse across MCP servers
Weaknesses CWE-863
References
Metrics cvssV4_0

{'score': 7.4, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Jlowin Fastmcp
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-16T19:09:43.436Z

Reserved: 2025-12-29T14:34:16.261Z

Link: CVE-2025-69196

cve-icon Vulnrichment

Updated: 2026-03-16T19:09:36.408Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-16T19:16:14.397

Modified: 2026-03-18T15:11:04.733

Link: CVE-2025-69196

cve-icon Redhat

Severity : Important

Publid Date: 2026-03-16T18:07:06Z

Links: CVE-2025-69196 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-03-24T10:50:01Z

Weaknesses