Update to MCP 1.23+

Low
jlowin published GHSA-rcfx-77hg-w2wv Dec 26, 2025

Package

fastmcp (pip)

Affected versions

<2.14

Patched versions

>=2.14

Description

There was a recent CVE report on MCP: https://nvd.nist.gov/vuln/detail/CVE-2025-66416.

FastMCP does not use any of the affected components of the MCP SDK directly. However, FastMCP versions prior to 2.14.0 did allow MCP SDK versions <1.23 that were vulnerable to CVE-2025-66416. Users should upgrade to FastMCP 2.14.0 or later.
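
A check for the two version floors named above, as an added example that is not part of the advisory or the FastMCP project: it scans `name==version` pins (for instance `pip freeze` output or a lock file) and reports FastMCP below 2.14.0 and MCP SDK below 1.23. The function names and sample pins are constructed for illustration, and the version comparison is a simplified PEP 440 ordering.

```python
import re
from importlib import metadata

# Floors taken from the advisory text: FastMCP 2.14.0 and MCP SDK 1.23.
FLOORS = {"fastmcp": (2, 14), "mcp": (1, 23)}
# name, optional [extras], then an exact pin: release digits plus any suffix.
PIN = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*==\s*"
                 r"(\d+(?:\.\d+)*)([^\s;#]*)")

def below_floor(release, suffix, floor):
    """True if a pinned version sorts below the floor (simplified PEP 440)."""
    rel = tuple(int(p) for p in release.split("."))
    width = max(len(rel), len(floor))
    rel_p = rel + (0,) * (width - len(rel))
    floor_p = floor + (0,) * (width - len(floor))
    if rel_p != floor_p:
        return rel_p < floor_p  # numeric compare, so 1.9.4 < 1.23
    # Same release number: pre-releases and dev builds sort before the final.
    return bool(re.match(r"[._-]?(a|b|c|rc|dev|pre)", suffix, re.I))

def audit_pins(lines):
    """Return (package, version, reason) for each pin below the floors."""
    findings = []
    for line in lines:
        m = PIN.match(line)
        if not m:
            continue  # comments, hashes, unpinned or range requirements
        name = re.sub(r"[-_.]+", "-", m.group(1)).lower()  # PEP 503 name form
        if name in FLOORS and below_floor(m.group(2), m.group(3), FLOORS[name]):
            reason = ("MCP SDK below 1.23 (CVE-2025-66416)" if name == "mcp"
                      else "FastMCP below 2.14.0 permits MCP SDK <1.23")
            findings.append((name, m.group(2) + m.group(3), reason))
    return findings

def installed_pins():
    """Build name==version lines for whichever of the packages are installed."""
    pins = []
    for name in FLOORS:
        try:
            pins.append(f"{name}=={metadata.version(name)}")
        except metadata.PackageNotFoundError:
            pass
    return pins

# Constructed sample lock-file lines (not from the advisory).
SAMPLE = ["fastmcp==2.13.0.2", "mcp==1.22.0", "FastMCP==2.14.0", "mcp==1.23.0rc1",
          "mcp==1.23", "requests==2.32.3", "# mcp==1.0.0", "mcp[cli]==1.9.4"]

if __name__ == "__main__":
    for finding in audit_pins(SAMPLE) + audit_pins(installed_pins()):
        print(finding)
```

Only exact `==` pins are evaluated; range specifiers such as `mcp>=1.0` are skipped, so run it against resolved output rather than loose requirements.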

Severity

Low

CVE ID

No known CVE

Weaknesses

No CWEs

Credits