PT-2026-29421
An7Y · Published 2026-03-31 · Updated 2026-04-14
CVE-2026-27124 · CVSS v4.0 8.2 High
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: FastMCP versions prior to 3.2.0
Description: FastMCP is susceptible to a confused deputy issue in its GitHubProvider OAuth integration. The OAuthProxy component does not verify user consent when it receives an authorization code from GitHub. Combined with GitHub's practice of skipping the consent page for clients a user has previously authorized, this lets an attacker obtain access to a victim's account. The attacker initiates an authentication flow, captures the GitHub authorization URL, and lures a victim who is already logged in to GitHub and has previously authorized the client into opening that URL. GitHub redirects the victim's browser, carrying a valid authorization code, to the proxy callback, which in turn redirects to the attacker's client with a code the attacker can exchange, so the attacker obtains an access token for the benign MCP server bound to the victim's GitHub account. The vulnerable component is the OAuthProxy.handle_idp_callback function: the callback handler does not verify that the browser issuing the callback request is the same one that started the transaction and provided consent.
Recommendations: Update to FastMCP version 3.2.0 or later.
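How the confused-deputy flow works, and what the callback-side check has to enforce, as a runnable model added here (not FastMCP's code and not the project's 3.2.0 patch): a toy proxy in front of a simulated GitHub, run once with the state-only lookup the description identifies and once with a browser-binding check. The URLs, the cookie name oauth_txn, and the class and method names are assumptions for illustration; the binding mechanism (a cookie set when the transaction is created and required on the callback) is one way to implement the missing check, not necessarily the one FastMCP shipped.

```python
"""Model of the CVE-2026-27124 confused-deputy flow against an OAuth proxy.

Added illustration, not FastMCP's code: a toy proxy between an MCP client and a
simulated GitHub, with the browser-binding check switchable on and off.
"""
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional
from urllib.parse import parse_qs, urlparse

PROXY_CALLBACK = "https://proxy.example/auth/callback"   # hypothetical URLs
GITHUB_AUTHORIZE = "https://github.com/login/oauth/authorize"
TXN_COOKIE = "oauth_txn"                                  # hypothetical cookie name


@dataclass
class Browser:
    """One user agent: the GitHub account it is logged in as, plus its cookie jar."""
    github_user: str
    cookies: Dict[str, str] = field(default_factory=dict)


@dataclass
class Transaction:
    client_redirect_uri: str
    browser_token: Optional[str]   # set only when browser binding is enabled


class SimulatedGitHub:
    """IdP stand-in: an app the user already authorized gets no consent page, so
    opening the authorize URL immediately yields a code bound to the logged-in user."""

    def __init__(self) -> None:
        self._codes: Dict[str, str] = {}

    def open_authorize_url(self, browser: Browser, url: str) -> str:
        state = parse_qs(urlparse(url).query)["state"][0]
        code = secrets.token_hex(8)
        self._codes[code] = browser.github_user
        return f"{PROXY_CALLBACK}?code={code}&state={state}"

    def exchange(self, code: str) -> str:
        return self._codes.pop(code)   # the account the code was issued for


class OAuthProxy:
    """Toy proxy (not fastmcp's OAuthProxy) that brokers GitHub login for an MCP client."""

    def __init__(self, github: SimulatedGitHub, bind_browser: bool) -> None:
        self.github = github
        self.bind_browser = bind_browser
        self._transactions: Dict[str, Transaction] = {}
        self._issued: Dict[str, str] = {}   # proxy code -> GitHub user it is for

    def authorize(self, browser: Browser, client_redirect_uri: str) -> str:
        """Start a transaction for the calling browser; return the GitHub URL to open."""
        state = secrets.token_hex(8)
        token = None
        if self.bind_browser:
            token = secrets.token_hex(16)
            browser.cookies[TXN_COOKIE] = token   # Set-Cookie on the authorize response
        self._transactions[state] = Transaction(client_redirect_uri, token)
        return f"{GITHUB_AUTHORIZE}?client_id=app&state={state}"

    def idp_callback(self, browser: Browser, callback_url: str) -> str:
        """Handle GitHub's redirect back; return the redirect to the client."""
        q = parse_qs(urlparse(callback_url).query)
        state, code = q["state"][0], q["code"][0]
        txn = self._transactions.pop(state, None)   # state is single use
        if txn is None:
            raise PermissionError("unknown or reused state")
        # The missing check: the browser delivering the code must be the one that
        # started the transaction. The vulnerable handler trusts state alone.
        if self.bind_browser and browser.cookies.get(TXN_COOKIE) != txn.browser_token:
            raise PermissionError("callback from a browser that did not start this flow")
        user = self.github.exchange(code)
        proxy_code = secrets.token_hex(8)
        self._issued[proxy_code] = user
        return f"{txn.client_redirect_uri}?code={proxy_code}"

    def token_owner(self, proxy_code: str) -> str:
        """Token-endpoint stand-in: which GitHub account the issued token is for."""
        return self._issued.pop(proxy_code)


def _finish(proxy: OAuthProxy, browser: Browser, callback: str) -> Optional[str]:
    try:
        redirect = proxy.idp_callback(browser, callback)
    except PermissionError:
        return None
    return proxy.token_owner(parse_qs(urlparse(redirect).query)["code"][0])


def run_attack(bind_browser: bool) -> Optional[str]:
    """Attacker starts the flow, victim finishes it. Returns the account the
    attacker's token is bound to, or None if the proxy refused the callback."""
    github = SimulatedGitHub()
    proxy = OAuthProxy(github, bind_browser)
    attacker, victim = Browser("attacker"), Browser("victim")
    idp_url = proxy.authorize(attacker, "https://attacker.example/cb")  # captured, not opened
    callback = github.open_authorize_url(victim, idp_url)               # no consent page shown
    return _finish(proxy, victim, callback)


def run_legitimate(bind_browser: bool) -> Optional[str]:
    """One browser starts and finishes the flow; must succeed in both modes."""
    github = SimulatedGitHub()
    proxy = OAuthProxy(github, bind_browser)
    alice = Browser("alice")
    idp_url = proxy.authorize(alice, "https://client.example/cb")
    return _finish(proxy, alice, github.open_authorize_url(alice, idp_url))


if __name__ == "__main__":
    print("vulnerable proxy, attack ->", run_attack(False))
    print("hardened proxy, attack   ->", run_attack(True))
    print("hardened proxy, legit    ->", run_legitimate(True))
```

Running the file shows the unfixed proxy handing the attacker a token bound to the victim's account although the attacker's browser never reached GitHub; with binding enabled the same callback is refused, while a flow started and finished by one browser still succeeds. The state parameter alone cannot catch this: it is the attacker's own, valid state, and it ties the callback to a transaction, not to the browser that consented.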

Related Identifiers

CVE-2026-27124
ECHO-86A3-9D3C-B622
GHSA-RWW4-4W9C-7733

Affected Products

Fastmcp
Github