
AIKIDO-2026-10826

fastmcp is vulnerable to Confused Deputy

Confused Deputy Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published May 19, 2026

71

High Risk

This Affects:

Python: fastmcp
3.2.0 - 3.2.4
Fixed in 3.3.0

TL;DR

The OAuth proxy consent screen can silently reuse remembered approvals in configuration modes where that shortcut is enabled. Cross-site navigations into the authorize endpoint could previously hit that silent path without proving a same-client browsing context. The handler now treats Sec-Fetch-Site as a gate and drops to the interactive prompt when the navigation looks cross-site or the header is absent, so a third-party authorization server or crafted redirect cannot auto-approve on the user’s behalf. Approval cookies for future visits are only written when the remembered-consent mode is actually enabled.
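The gate described above, as an added illustration that is not fastmcp's own code: a consent decision that only takes the silent auto-approve path when remembered-consent mode is enabled, a remembered approval exists, and the browser's Sec-Fetch-Site header proves a same-client navigation; a cross-site value or a missing header falls back to the interactive prompt, and the approval cookie is only written when remembered-consent mode is on. The function names, the cookie naming scheme, and the choice to treat only "same-origin" and "same-site" as proof of a same-client context (so "none" also prompts) are assumptions of this example.

```python
"""Illustrative OAuth consent gate keyed on Sec-Fetch-Site.

Example code written for this advisory; it is not fastmcp's implementation.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Mapping, Optional, Tuple


class ConsentDecision(Enum):
    AUTO_APPROVE = "auto_approve"  # silent path: reuse a remembered approval
    PROMPT = "prompt"              # interactive consent screen


# Assumption: only these Sec-Fetch-Site values prove a same-client browsing
# context. "cross-site", "none" and an absent header all fall back to PROMPT.
SAME_CLIENT_VALUES = frozenset({"same-origin", "same-site"})


@dataclass(frozen=True)
class AuthorizeRequest:
    """Minimal view of an incoming /authorize navigation (constructed)."""
    client_id: str
    headers: Mapping[str, str] = field(default_factory=dict)
    cookies: Mapping[str, str] = field(default_factory=dict)


def _header(headers: Mapping[str, str], name: str) -> Optional[str]:
    # Header names are case-insensitive; normalise before comparing.
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def same_client_context(headers: Mapping[str, str]) -> bool:
    """True only when Sec-Fetch-Site proves the navigation came from our own site."""
    value = _header(headers, "Sec-Fetch-Site")
    if value is None:
        return False  # absent header: cannot prove same-client, do not auto-approve
    return value.strip().lower() in SAME_CLIENT_VALUES


def consent_cookie_name(client_id: str) -> str:
    # Assumed per-client cookie naming scheme.
    return f"consent_{client_id}"


def has_remembered_approval(req: AuthorizeRequest) -> bool:
    return req.cookies.get(consent_cookie_name(req.client_id)) == "approved"


def decide_consent(req: AuthorizeRequest, remembered_consent_enabled: bool) -> ConsentDecision:
    """Hardened decision: every shortcut condition must hold, else prompt."""
    if not remembered_consent_enabled:
        return ConsentDecision.PROMPT
    if not has_remembered_approval(req):
        return ConsentDecision.PROMPT
    if not same_client_context(req.headers):
        return ConsentDecision.PROMPT
    return ConsentDecision.AUTO_APPROVE


def consent_cookie_to_set(
    client_id: str, remembered_consent_enabled: bool, user_approved: bool
) -> Optional[Tuple[str, str]]:
    """Persist an approval for future visits only in remembered-consent mode."""
    if remembered_consent_enabled and user_approved:
        return (consent_cookie_name(client_id), "approved")
    return None


if __name__ == "__main__":
    remembered = {"consent_demo-client": "approved"}  # constructed cookie jar
    for label, hdrs in [
        ("same-origin", {"Sec-Fetch-Site": "same-origin"}),
        ("cross-site", {"Sec-Fetch-Site": "cross-site"}),
        ("header absent", {}),
    ]:
        req = AuthorizeRequest("demo-client", hdrs, remembered)
        print(f"{label:14} -> {decide_consent(req, True).value}")
```

In a real handler the interactive prompt is the safe default and the silent path is the exception; each gate in `decide_consent` can be tested in isolation, which is what makes the missing-header and cross-site cases easy to pin down in a regression test.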

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

fastmcp is vulnerable to Confused Deputy in versions 3.2.0 - 3.2.4.

How to fix this

Upgrade the fastmcp library to the patched version (3.3.0 or later).