Description
FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, while testing the GitHubProvider OAuth integration, which allows authentication to a FastMCP MCP server via a FastMCP OAuthProxy using GitHub OAuth, it was discovered that the FastMCP OAuthProxy does not properly validate the user's consent upon receiving the authorization code from GitHub. In combination with GitHub’s behavior of skipping the consent page for previously authorized clients, this introduces a Confused Deputy vulnerability. This issue has been patched in version 3.2.0.
Published: 2026-04-03
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Confused Deputy leading to unauthorized access
Action: Immediate Patch
AI Analysis

Impact

FastMCP, a framework for building MCP applications, was found to omit consent verification when handling OAuth callbacks from GitHub. Because GitHub suppresses the consent screen for clients that have previously been authorized, the OAuthProxy could accept an authorization code without confirming the user’s intent. This flaw creates a Confused Deputy scenario in which an attacker able to obtain a valid code may gain access to the FastMCP application without the user’s knowledge. The weakness is classified as CWE‑303 (Improper Management of Consent) and CWE‑441 (Insufficiently Verified Authorization).

Affected Systems

Any deployment of jlowin:FastMCP older than version 3.2.0 is affected. The vulnerability exists in the standard FastMCP OAuthProxy component that forwards GitHub OAuth requests. Systems running FastMCP versions 3.1.0 through 3.1.x, and any earlier releases, lack the required consent check and thus are susceptible.

Risk and Exploitability

The CVSS base score of 8.2 indicates high severity with potential for unauthorized access. The EPSS score below 1% suggests a low probability that this flaw is actively exploited at present, and the vulnerability is not listed in CISA’s KEV catalog. However, the attack vector is likely remote, dependent on the web-based OAuth flow, and would be feasible if an attacker can influence the OAuth authorization code exchange. Once exploited, the attacker could impersonate a legitimate user or obtain unintended privileges within the FastMCP server.

Generated by OpenCVE AI on April 7, 2026 at 01:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade FastMCP to version 3.2.0 or later to receive the fix for missing consent verification.

Generated by OpenCVE AI on April 7, 2026 at 01:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-rww4-4w9c-7733 FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities
History

Wed, 22 Apr 2026 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:jlowin:fastmcp:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N'}

 cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-303
References
Metrics threat_severity

None

 cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N'}

threat_severity

Moderate

Fri, 03 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Jlowin
Jlowin fastmcp
Vendors & Products Jlowin
Jlowin fastmcp

Fri, 03 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 03 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Description FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, while testing the GitHubProvider OAuth integration, which allows authentication to a FastMCP MCP server via a FastMCP OAuthProxy using GitHub OAuth, it was discovered that the FastMCP OAuthProxy does not properly validate the user's consent upon receiving the authorization code from GitHub. In combination with GitHub’s behavior of skipping the consent page for previously authorized clients, this introduces a Confused Deputy vulnerability. This issue has been patched in version 3.2.0.
Title FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities
Weaknesses CWE-441
References
Metrics cvssV4_0

{'score': 8.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Jlowin Fastmcp
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-03T16:44:20.749Z

Reserved: 2026-02-17T18:42:27.043Z

Link: CVE-2026-27124

cve-icon Vulnrichment

Updated: 2026-04-03T16:44:08.349Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-03T16:16:36.453

Modified: 2026-04-22T14:37:49.183

Link: CVE-2026-27124

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-03T15:22:17Z

Links: CVE-2026-27124 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-07T07:16:46Z

Weaknesses