SSRF in Prefecthq Fastmcp

CVE-2026-32871

FastMCP is a Pythonic way to build MCP servers and clients. Prior to version 3.2.0, the OpenAPIProvider in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The RequestDirector class is responsible for constru…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.001 (19.8th percentile)
