CVE-2026-27124

MEDIUM

FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities

Title source: cna

Description

FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, while testing the GitHubProvider OAuth integration, which allows authentication to a FastMCP MCP server via a FastMCP OAuthProxy using GitHub OAuth, it was discovered that the FastMCP OAuthProxy does not properly validate the user's consent upon receiving the authorization code from GitHub. In combination with GitHub’s behavior of skipping the consent page for previously authorized clients, this introduces a Confused Deputy vulnerability. This issue has been patched in version 3.2.0.

References (1)

[X_Refsource_Confirm] https://github.com/PrefectHQ/fastmcp/security/advisories/GHSA-rww4-4w9c-7733

Scores

CVSS v3 6.1

EPSS 0.0004

EPSS Percentile 12.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-441

Status published

Products (2)

jlowin/fastmcp < 3.2.0 (2 CPE variants)

pypi/fastmcp 0 - 3.2.0PyPI

Published Apr 03, 2026

Tracked Since Apr 03, 2026