CVE lookup
CVE-2026-32871
Pruva has a verified reproduction for CVE-2026-32871: FastMCP: path traversal to authenticated SSRF in OpenAPIProvider _build_url(). The canonical evidence record is REPRO-2026-00138.
REPRO
REPRO-2026-00138
Package
fastmcp · pip
Severity
HIGH
Status
published