CVE-2026-32871P2CRITICALCVSS 10.0fixed in 3.2.02026-04-02
CVE-2026-32871 [CRITICAL] CWE-918 CVE-2026-32871: FastMCP is a Pythonic way to build MCP servers and clients. Prior to version 3.2.0, the OpenAPIProvi
FastMCP is a Pythonic way to build MCP servers and clients. Prior to version 3.2.0, the OpenAPIProvider in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The RequestDirector class is responsible for constructing HTTP requests to the backend service. A vulnerability exists in the _build_url() method. When an OpenAPI
nvd