fastmcp-slim is vulnerable to Denial of Service (DoS)
35
Low Risk
The experimental CodeMode transform runs LLM-generated Python in a MontySandboxProvider sandbox and exposes an execute tool that can chain call_tool() calls. Before the fix, CodeMode() and MontySandboxProvider() defaulted to uncapped execution time, memory, and per-execution tool calls, so a single request could run indefinitely or fan out into unbounded backend work. Cancelled client connections could also leave sandbox threads running after the caller disconnected. The patch applies conservative default sandbox limits, caps tool calls per execute block, and cancels the sandbox future when the surrounding task is cancelled.
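The mitigation pattern the patch describes, as an added example that is not fastmcp-slim's own code: a hypothetical ToolCallGate caps call_tool() invocations per execute block, and run_execute_block puts the sandbox thread under a wall-clock limit and cancels its future when the caller times out or is cancelled, with a stop flag so the thread exits at its next tool call instead of outliving a disconnected client. All names, the stub backend and the runaway block are constructed for this illustration.

```python
import asyncio
import threading
import time
from concurrent.futures import ThreadPoolExecutor

class ToolCallGate:
    """Hypothetical gate before backend call_tool(): per-execution call cap plus stop flag."""
    def __init__(self, backend, max_tool_calls):
        self._backend, self._max, self.calls, self.stop = backend, max_tool_calls, 0, threading.Event()

    def call_tool(self, name, **kwargs):
        if self.stop.is_set():  # caller went away: end the sandbox thread here
            raise RuntimeError("execution cancelled by caller")
        if self.calls >= self._max:  # bound the backend fan-out of one execute block
            raise RuntimeError(f"tool call cap of {self._max} reached")
        self.calls += 1
        return self._backend(name, **kwargs)

async def run_execute_block(block, backend, *, timeout_s, max_tool_calls):
    """Run block(call_tool) in a worker thread under a wall-clock cap and a tool-call cap;
    a block that never calls a tool still needs the sandbox's own execution-time limit."""
    gate = ToolCallGate(backend, max_tool_calls)
    pool = ThreadPoolExecutor(max_workers=1)
    fut = asyncio.get_running_loop().run_in_executor(pool, block, gate.call_tool)
    try:
        return await asyncio.wait_for(fut, timeout=timeout_s)
    except (asyncio.TimeoutError, asyncio.CancelledError):
        gate.stop.set()  # thread stops at its next call_tool() instead of running on
        fut.cancel()     # drop the sandbox future along with the cancelled task
        raise
    finally:
        pool.shutdown(wait=False)  # never block the event loop on a stuck worker

def runaway_block(call_tool):
    # Constructed sample of an LLM-written block that chains tool calls forever.
    while True:
        call_tool("search", query="next page")
        time.sleep(0.005)

def demo(backend=lambda name, **kw: {"tool": name, "args": kw}):
    # Constructed stub backend; run the block under a small call cap, then a short time cap.
    async def main():
        out = {}
        for key, kw in (("cap", dict(timeout_s=5, max_tool_calls=25)),
                        ("timeout", dict(timeout_s=0.1, max_tool_calls=10**6))):
            try:
                await run_execute_block(runaway_block, backend, **kw)
            except (RuntimeError, asyncio.TimeoutError) as e:
                out[key] = f"{type(e).__name__}: {e}"
        return out
    return asyncio.run(main())
```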
You are affected if you use a version within the vulnerable range and expose the experimental CodeMode transform on an MCP server reachable by untrusted or LLM-driven clients.
fastmcp-slim is vulnerable to Denial of Service (DoS) in versions 3.3.0 - 3.3.1.
Upgrade the fastmcp-slim library to a patched version.