CVE-2026-32871 | PrefectHQ fastmcp up to 3.1.x Template String /api/v1/users/ _build_url server-side request forgery (GHSA-vv7q-7jx5-f767)
VulDBArchived Apr 02, 2026✓ Full text saved
A vulnerability classified as critical was found in PrefectHQ fastmcp up to 3.1.x . This issue affects the function _build_url of the file /api/v1/users/ of the component Template String Handler . Executing a manipulation can lead to server-side request forgery. This vulnerability is handled as CVE-2026-32871 . The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.
Full text archived locally
✦ AI Summary· Claude Sonnet
VDB-354887 · CVE-2026-32871 · GHSA-VV7Q-7JX5-F767
PREFECTHQ FASTMCP UP TO 3.1.X TEMPLATE STRING /API/V1/USERS/ _BUILD_URL SERVER-SIDE REQUEST FORGERY
HISTORYDIFFRELATEJSONXMLCTI
CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score
7.0 $0-$5k 0.25+
Summaryinfo
A vulnerability, which was classified as critical, has been found in PrefectHQ fastmcp up to 3.1.x. Impacted is the function _build_url of the file /api/v1/users/ of the component Template String Handler. The manipulation leads to server-side request forgery. This vulnerability is uniquely identified as CVE-2026-32871. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.
Detailsinfo
A vulnerability was found in PrefectHQ fastmcp up to 3.1.x. It has been rated as critical. This issue affects the function _build_url of the file /api/v1/users/ of the component Template String Handler. The manipulation with an unknown input leads to a server-side request forgery vulnerability. Using CWE to declare the problem leads to CWE-918. The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
FastMCP is a Pythonic way to build MCP servers and clients. Prior to version 3.2.0, the OpenAPIProvider in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The RequestDirector class is responsible for constructing HTTP requests to the backend service. A vulnerability exists in the _build_url() method. When an OpenAPI operation defines path parameters (e.g., /api/v1/users/{user_id}), the system directly substitutes parameter values into the URL template string without URL-encoding. Subsequently, urllib.parse.urljoin() resolves the final URL. Since urljoin() interprets ../ sequences as directory traversal, an attacker controlling a path parameter can perform path traversal attacks to escape the intended API prefix and access arbitrary backend endpoints. This results in authenticated SSRF, as requests are sent with the authorization headers configured in the MCP provider. This issue has been patched in version 3.2.0.
It is possible to read the advisory at github.com. The identification of this vulnerability is CVE-2026-32871 since 03/16/2026. The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Technical details of the vulnerability are known, but there is no available exploit.
Upgrading to version 3.2.0 eliminates this vulnerability. The upgrade is hosted for download at github.com. Applying the patch 40bdfb6b1de0ce30609ee9ba5bb95ecd04a9fb71 is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.
Productinfo
Vendor
PrefectHQ
Name
fastmcp
Version
3.0
3.1
License
open-source
Website
Product: https://github.com/PrefectHQ/fastmcp/
CPE 2.3info
🔒
🔒
CPE 2.2info
🔒
🔒
CVSSv4info
VulDB Vector: 🔒
VulDB Reliability: 🔍
CNA CVSS-B Score: 🔒
CNA CVSS-BT Score: 🔒
CNA Vector: 🔒
CVSSv3info
VulDB Meta Base Score: 7.3
VulDB Meta Temp Score: 7.0
VulDB Base Score: 7.3
VulDB Temp Score: 7.0
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv2info
Vector Complexity Authentication Confidentiality Integrity Availability
Unlock Unlock Unlock Unlock Unlock Unlock
Unlock Unlock Unlock Unlock Unlock Unlock
Unlock Unlock Unlock Unlock Unlock Unlock
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploitinginfo
Class: Server-side request forgery
CWE: CWE-918
CAPEC: 🔒
ATT&CK: 🔒
Physical: No
Local: No
Remote: Yes
Availability: 🔒
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔒
0-Day Unlock Unlock Unlock Unlock
Today Unlock Unlock Unlock Unlock
Threat Intelligenceinfo
Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍
Countermeasuresinfo
Recommended: Upgrade
Status: 🔍
0-Day Time: 🔒
Upgrade: fastmcp 3.2.0
Patch: 40bdfb6b1de0ce30609ee9ba5bb95ecd04a9fb71
Timelineinfo
03/16/2026 CVE reserved
04/02/2026 +16 days Advisory disclosed
04/02/2026 +0 days VulDB entry created
04/02/2026 +0 days VulDB entry last update
Sourcesinfo
Product: github.com
Advisory: GHSA-vv7q-7jx5-f767
Status: Confirmed
CVE: CVE-2026-32871 (🔒)
GCVE (CVE): GCVE-0-2026-32871
GCVE (VulDB): GCVE-100-354887
Entryinfo
Created: 04/02/2026 17:24
Changes: 04/02/2026 17:24 (73)
Complete: 🔍
Cache ID: 99:7E0:101
Discussion
No comments yet. Languages: en.
Please log in to comment.
◂ PreviousOverviewNext ▸