CVE-2025-69196: FastMCP OAuth Proxy token reuse across MCP servers
While testing the OAuth Proxy implementation, it was noticed that the server does not properly respect the resource parameter submitted by the client in the authorization and token requests. Instead of issuing the token explicitly for the MCP server the client named, the token is issued for the base_url passed to the OAuthProxy during initialization, so the audience claim does not identify the individual MCP server.
Affected File: https://github.com/jlowin/fastmcp/blob/main/src/fastmcp/server/auth/oauth_proxy.py#L828
Affected Code:
        self._jwt_issuer: JWTIssuer = JWTIssuer(
            issuer=str(self.base_url),
            audience=f"{str(self.base_url).rstrip('/')}/mcp",
            signing_key=jwt_signing_key,
        )
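The following is an added illustration and is not FastMCP's own code. It contrasts the pattern quoted above, where every token carries one audience derived from base_url, with a resource-bound issuer that sets the audience to the client's requested resource and a resource-server check that compares the aud claim against its own canonical resource. The hostnames, the HMAC-signed token format (a stand-in for a JWT so the script runs offline) and the class names are all constructed for this example.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional
from urllib.parse import urlparse, urlunparse

SIGNING_KEY = b"constructed-demo-signing-key"  # constructed for the example, not a real secret


def canonical_resource(resource: str) -> str:
    """Normalise a resource indicator (RFC 8707 style): lowercase scheme and host,
    drop any fragment, strip a trailing slash so the same server always compares equal."""
    parts = urlparse(resource)
    if not parts.scheme or not parts.netloc:
        raise ValueError(f"resource must be an absolute URI: {resource!r}")
    return urlunparse((parts.scheme.lower(), parts.netloc.lower(),
                       parts.path.rstrip("/"), "", parts.query, ""))


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def sign_token(claims: dict, key: bytes) -> str:
    """HMAC-signed stand-in for a JWT: <base64url claims>.<base64url tag>."""
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    tag = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return f"{body}.{tag}"


def verify_token(token: str, key: bytes) -> Optional[dict]:
    """Return the claims when the signature is valid, otherwise None."""
    try:
        body, tag = token.split(".")
    except ValueError:
        return None
    expected = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))


class SharedAudienceIssuer:
    """Mirrors the quoted pattern: one audience from base_url, the client's
    resource parameter is ignored, so tokens are interchangeable between servers."""

    def __init__(self, base_url: str):
        self.issuer = base_url
        self.audience = f"{base_url.rstrip('/')}/mcp"

    def issue(self, subject: str, requested_resource: str) -> str:
        del requested_resource  # the defect: the requested resource plays no part
        return sign_token({"iss": self.issuer, "aud": self.audience, "sub": subject,
                           "exp": int(time.time()) + 300}, SIGNING_KEY)


class ResourceBoundIssuer:
    """Hardened variant: aud is the resource the client named, and only resources
    this proxy actually fronts may be named."""

    def __init__(self, base_url: str, served_resources: set):
        self.issuer = base_url
        self.served = {canonical_resource(r) for r in served_resources}

    def issue(self, subject: str, requested_resource: str) -> str:
        aud = canonical_resource(requested_resource)
        if aud not in self.served:
            raise ValueError(f"resource not served by this proxy: {requested_resource!r}")
        return sign_token({"iss": self.issuer, "aud": aud, "sub": subject,
                           "exp": int(time.time()) + 300}, SIGNING_KEY)


def server_accepts(token: str, expected_audience: str, expected_issuer: str) -> bool:
    """Resource-server side: valid signature, expected issuer, unexpired, and aud
    equal to the audience this particular server expects for itself."""
    claims = verify_token(token, SIGNING_KEY)
    if claims is None:
        return False
    return (claims.get("iss") == expected_issuer
            and claims.get("aud") == canonical_resource(expected_audience)
            and claims.get("exp", 0) > time.time())


def demo() -> dict:
    base = "https://proxy.example"  # constructed base_url shared by two MCP servers
    alpha = "https://proxy.example/alpha/mcp"
    beta = "https://proxy.example/beta/mcp"

    # Shared-audience world: both servers verify against the same base_url audience,
    # so a token obtained for alpha passes beta's check unchanged.
    weak = SharedAudienceIssuer(base)
    weak_token = weak.issue("alice", alpha)

    # Resource-bound world: alpha's token names alpha, and beta rejects it.
    hardened = ResourceBoundIssuer(base, {alpha, beta})
    bound_token = hardened.issue("alice", alpha)

    return {
        "shared_token_accepted_by_beta": server_accepts(weak_token, weak.audience, base),
        "bound_token_accepted_by_alpha": server_accepts(bound_token, alpha, base),
        "bound_token_accepted_by_beta": server_accepts(bound_token, beta, base),
    }


if __name__ == "__main__":
    print(demo())
```

The resource-server check is the half that matters operationally: even with a correct issuer, a server that compares aud against a shared value rather than its own resource will keep accepting tokens minted for its neighbours.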