Components
Vulnerabilities
Pricing
MCP
API
Docs
Sign up
Login
fastmcp 0.3.2 | Vulnerabilities | Sonatype Guide
pypi
fastmcp
0.3.2
fastmcp 0.3.2
Published
Dec 1, 2024
•
Policy
compliance
pypi Registry
Developer Trust Score
N/A
Recommended Version:
x.y.z
Latest version with 0 known vulnerabilities that meets your policy.
Compare Versions
Overview
Overview
Versions
96
Versions
96
Vulnerabilities
5
Vulnerabilities
5
Dependencies
6
Dependencies
6
Reset filters
Severity
Critical
(0)
High
(0)
Medium
(2)
Low
(0)
CVSS Score
0.0
10.0
EPSS Score
0.0
1.0
Malware
KEV Status
Published
Filter
Sort: Published (Newest first)
6.7
CVE-2025-64340
FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, server names containing shell metacharacters (e.g., &) can cause command injection on Windows when passed to fastmcp install claude-code or fastmcp install gemini-cli. These install paths use subprocess.run() with a list argument, but on Windows the target CLIs often resolve to .cmd wrappers that are executed through cmd.exe, which interprets metacharacters in the flattened command string. This issue has been patched in version 3.2.0.
affected
Severity
Medium
Published
Apr 1, 2026
6.5
CVE-2025-69196
FastMCP is the standard framework for building MCP applications. Prior to version 2.14.2, the server does not properly respect the resource parameter submitted by the client in the authorization and token request. Instead of issuing the token explicitly for the MCP server, the token is issued for the base_url passed to the OAuthProxy during initialization. This issue has been patched 2.14.2.
affected
Severity
Medium
Published
Mar 17, 2026
