Skip to content

CVE lookup

CVE-2026-32871

Pruva has a verified reproduction for CVE-2026-32871: FastMCP: path traversal to authenticated SSRF in OpenAPIProvider _build_url(). The canonical evidence record is REPRO-2026-00138.

REPRO

REPRO-2026-00138

Package

fastmcp · pip

Severity

HIGH

Status

published