CVE-2026-27124: CWE-441: Unintended Proxy or Intermediary ('Confused Deputy') in jlowin fastmcp
FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, while testing the GitHubProvider OAuth integration, which allows authentication to a FastMCP MCP server via a FastMCP OAuthProxy using GitHub OAuth, it was discovered that the FastMCP OAuthProxy does not properly validate the user's consent upon receiving the authorization code from GitHub. In combination with GitHub’s behavior of skipping the consent page for previously authorized clients, this introduces a Confused Deputy vulnerability. This issue has been patched in version 3.2.0.
AI Analysis
Technical Summary
FastMCP is a framework for building MCP applications. In versions before 3.2.0, the OAuthProxy component used for GitHub OAuth authentication does not correctly verify that the user has consented when processing the authorization code returned by GitHub. GitHub's behavior of bypassing the consent page for clients that have already been authorized leads to a Confused Deputy vulnerability (CWE-441), where the OAuthProxy may be tricked into acting on behalf of a user without proper consent. This issue was discovered during testing and fixed in FastMCP version 3.2.0.
Potential Impact
An attacker could exploit this vulnerability to misuse the OAuthProxy component to perform actions on behalf of users without their explicit consent. This could lead to unauthorized access or actions within the FastMCP MCP server environment. The CVSS 4.0 score of 8.2 indicates a high impact with network attack vector, low attack complexity, no privileges required, and no user interaction needed.
Mitigation Recommendations
This vulnerability has been patched in FastMCP version 3.2.0. Users and administrators should upgrade to version 3.2.0 or later to remediate this issue. No other mitigation guidance is provided or necessary given the availability of an official fix.
CVE-2026-27124: CWE-441: Unintended Proxy or Intermediary ('Confused Deputy') in jlowin fastmcp
Description
FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, while testing the GitHubProvider OAuth integration, which allows authentication to a FastMCP MCP server via a FastMCP OAuthProxy using GitHub OAuth, it was discovered that the FastMCP OAuthProxy does not properly validate the user's consent upon receiving the authorization code from GitHub. In combination with GitHub’s behavior of skipping the consent page for previously authorized clients, this introduces a Confused Deputy vulnerability. This issue has been patched in version 3.2.0.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
FastMCP is a framework for building MCP applications. In versions before 3.2.0, the OAuthProxy component used for GitHub OAuth authentication does not correctly verify that the user has consented when processing the authorization code returned by GitHub. GitHub's behavior of bypassing the consent page for clients that have already been authorized leads to a Confused Deputy vulnerability (CWE-441), where the OAuthProxy may be tricked into acting on behalf of a user without proper consent. This issue was discovered during testing and fixed in FastMCP version 3.2.0.
Potential Impact
An attacker could exploit this vulnerability to misuse the OAuthProxy component to perform actions on behalf of users without their explicit consent. This could lead to unauthorized access or actions within the FastMCP MCP server environment. The CVSS 4.0 score of 8.2 indicates a high impact with network attack vector, low attack complexity, no privileges required, and no user interaction needed.
Mitigation Recommendations
This vulnerability has been patched in FastMCP version 3.2.0. Users and administrators should upgrade to version 3.2.0 or later to remediate this issue. No other mitigation guidance is provided or necessary given the availability of an official fix.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-02-17T18:42:27.043Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69cfdd290a160ebd923d52c1
Added to database: 4/3/2026, 3:30:49 PM
Last enriched: 4/3/2026, 3:45:46 PM
Last updated: 4/3/2026, 8:07:54 PM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.