CVE-2026-32871
Path Traversal in FastMCP OpenAPIProvider Enables Authenticated SSRF
Publication date: 2026-04-02
Last updated on: 2026-04-10
Assigner: GitHub, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jlowin | fastmcp | < 3.2.0 (upper bound exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-32871 is a security vulnerability in the FastMCP OpenAPI Provider, specifically in the RequestDirector class's _build_url() method. The issue arises because path parameters in OpenAPI requests are directly substituted into URL templates without proper URL encoding. This allows an attacker who controls a path parameter to inject path traversal sequences like "../". When the system uses Python's urllib.parse.urljoin() to resolve the final URL, these sequences are interpreted as directory traversal, enabling the attacker to escape the intended API prefix.
As a result, the attacker can access arbitrary backend endpoints that were not meant to be exposed. Since the requests are sent with the authorization headers configured in the MCP provider, this leads to authenticated Server-Side Request Forgery (SSRF). The vulnerability was patched in FastMCP version 3.2.0 by ensuring all path parameters are fully URL-encoded, including dots, to prevent traversal.
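The following is an added illustrative example, not FastMCP's own code. It models the pattern the explanation above describes: a path parameter interpolated into an OpenAPI path template and then resolved against the provider's base URL with Python's `urllib.parse.urljoin()`. The first builder substitutes the raw value (the vulnerable behaviour); the second percent-encodes every parameter with no characters kept safe and additionally encodes dots, which is the fix the advisory describes for 3.2.0. `BASE_URL`, `PATH_TEMPLATE` and the function names are constructed for this example.

```python
# Added illustrative example, not FastMCP's own code. It shows why an
# unencoded path parameter can step out of the API prefix under urljoin,
# and what full percent-encoding (including dots) does to the same input.
from urllib.parse import quote, urljoin

# Constructed values standing in for the provider's configured base URL and
# an OpenAPI path template with a single path parameter.
BASE_URL = "https://api.example.test/v1/public/"
PATH_TEMPLATE = "items/{item_id}"


def build_url_vulnerable(template: str, params: dict) -> str:
    """Substitute raw path parameters, then resolve against BASE_URL.

    A value containing "../" survives substitution unchanged, and urljoin
    treats each ".." segment as a directory step out of the API prefix.
    """
    path = template.format(**params)
    return urljoin(BASE_URL, path)


def encode_path_param(value) -> str:
    """Percent-encode a path parameter so it can only be one path segment.

    quote(value, safe="") encodes "/" and "%", but urllib keeps "." unreserved,
    so dots are encoded explicitly afterwards to match the advisory's fix.
    """
    return quote(str(value), safe="").replace(".", "%2E")


def build_url_fixed(template: str, params: dict) -> str:
    """Encode every path parameter before substitution, then resolve."""
    encoded = {k: encode_path_param(v) for k, v in params.items()}
    path = template.format(**encoded)
    return urljoin(BASE_URL, path)


def stays_under_prefix(url: str) -> bool:
    """Defensive check: the resolved URL must still begin with the base prefix."""
    return url.startswith(BASE_URL)


if __name__ == "__main__":
    for value in ("42", "../../not-public"):
        print("raw  :", build_url_vulnerable(PATH_TEMPLATE, {"item_id": value}))
        print("fixed:", build_url_fixed(PATH_TEMPLATE, {"item_id": value}))
```

The `stays_under_prefix` check is the property a caller can assert after URL construction: with the encoded builder it holds for any parameter value, because the value can no longer contain a literal `/` or a bare `..` segment for `urljoin` to collapse.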
How can this vulnerability impact me?
This vulnerability can have severe impacts including unauthorized access to private backend endpoints that are not exposed in the OpenAPI specification. Attackers can perform privilege escalation by leveraging the MCP provider's authentication context, effectively bypassing access controls.
- Access to administrative panels or sensitive internal APIs.
- Data exfiltration or theft of sensitive information.
- Lateral movement within internal services, potentially compromising other systems.
- Service disruption or triggering destructive actions on backend services.
- Credential extraction due to authenticated SSRF requests.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves path traversal and SSRF attacks via crafted path parameters in FastMCP versions prior to 3.2.0. Detection involves monitoring for suspicious HTTP requests where path parameters contain traversal sequences such as "../", "..%2F", or other encoded traversal patterns.
You can detect exploitation attempts by inspecting logs or network traffic for requests to FastMCP backend APIs where path parameters include directory traversal patterns that escape the intended API prefix.
- Use network monitoring tools or packet capture (e.g., tcpdump, Wireshark) to filter HTTP requests with suspicious path parameters containing "../" or encoded equivalents.
- Search application logs for URL paths containing traversal sequences, for example with grep (case-insensitive, so upper- and lower-case percent-encodings both match; matching on dot-dot sequences rather than on every `%2F` keeps ordinary encoded slashes from triggering):
- `grep -iE '\.\./|\.\.%2F|%2E%2E(/|%2F)' /path/to/fastmcp/logs/access.log`
- If you have access to the FastMCP server, you can also monitor for unexpected backend API calls that do not conform to the OpenAPI specification paths.
Since the vulnerability allows authenticated SSRF, monitoring for unusual outbound HTTP requests from the FastMCP server to internal endpoints with authorization headers may also help detect exploitation.
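As an added example (not part of the advisory or of FastMCP), the detection idea above applied to constructed access-log lines: the request path is percent-decoded repeatedly, since a single `grep` pattern misses double-encoded input, and a line is flagged only when a decoded path segment is exactly `..`. Dots that are part of an ordinary file name do not trigger it. The log format, client addresses and paths are constructed for this example.

```python
# Added detection example, not part of the advisory or of FastMCP. It scans
# access-log lines for request paths whose decoded form contains a ".." path
# segment, the traversal primitive the advisory describes.
import re
from urllib.parse import unquote

# Constructed sample lines in a common access-log shape; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [02/Apr/2026:10:00:01 +0000] "GET /v1/public/items/42 HTTP/1.1" 200 512
10.0.0.7 - - [02/Apr/2026:10:00:02 +0000] "GET /v1/public/items/../../not-public HTTP/1.1" 200 2048
10.0.0.7 - - [02/Apr/2026:10:00:03 +0000] "GET /v1/public/items/..%2F..%2Fnot-public HTTP/1.1" 200 2048
10.0.0.9 - - [02/Apr/2026:10:00:04 +0000] "GET /v1/public/items/%252e%252e%252fnot-public HTTP/1.1" 404 0
10.0.0.5 - - [02/Apr/2026:10:00:05 +0000] "GET /v1/public/files/report.v2.pdf HTTP/1.1" 200 9000
"""

# Pulls the method and request target out of the quoted request line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')


def fully_decode(path: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (bounded to avoid loops)."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def has_traversal(path: str) -> bool:
    """True if any segment of the decoded path (query string removed) is '..'."""
    decoded = fully_decode(path.split("?", 1)[0])
    return any(seg == ".." for seg in decoded.split("/"))


def find_traversal_requests(log_text: str) -> list:
    """Return (line_number, client, raw_path) for every flagged request line."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        if has_traversal(match.group("path")):
            client = line.split(" ", 1)[0]
            hits.append((lineno, client, match.group("path")))
    return hits


if __name__ == "__main__":
    for lineno, client, path in find_traversal_requests(SAMPLE_LOG):
        print(f"line {lineno}: {client} requested {path}")
```

Because the check runs on the decoded path rather than on raw bytes, it catches the literal, single-encoded and double-encoded forms of the same request with one rule, while a path such as `report.v2.pdf` is left alone.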
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
CVE-2026-32871 enables attackers to perform authenticated Server-Side Request Forgery (SSRF) and path traversal attacks, allowing unauthorized access to arbitrary backend endpoints with the MCP provider's authorization context.
Such unauthorized access can lead to exposure or exfiltration of sensitive data, privilege escalation, and disruption of services.
These impacts can violate common compliance requirements in standards and regulations like GDPR and HIPAA, which mandate protection of personal data, prevention of unauthorized access, and maintaining data confidentiality and integrity.
Therefore, if exploited, this vulnerability could cause non-compliance with these regulations due to potential data breaches and unauthorized access to protected information.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to upgrade FastMCP to version 3.2.0 or later, where this vulnerability has been patched.
The patch ensures that all path parameters in OpenAPI requests are fully URL-encoded, including dots, preventing path traversal and SSRF attacks.
- Upgrade FastMCP to version 3.2.0 or newer immediately.
- If upgrading is not immediately possible, implement strict input validation or filtering on path parameters to block traversal sequences such as "../" or encoded equivalents.
- Restrict network access to the FastMCP backend APIs to trusted clients only.
- Monitor and audit logs for suspicious requests as a temporary detection measure.
Applying these steps will reduce the risk of exploitation until the official patch can be deployed.