CVE-2026-27124: FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities

March 31, 2026 (updated April 6, 2026)

While testing the GitHubProvider OAuth integration, which allows authentication to a FastMCP MCP server via a FastMCP OAuthProxy using GitHub OAuth, it was discovered that the FastMCP OAuthProxy does not properly validate the user’s consent upon receiving the authorization code from GitHub. In combination with GitHub’s behavior of skipping the consent page for previously authorized clients, this introduces a Confused Deputy vulnerability.

References

github.com/PrefectHQ/fastmcp
github.com/PrefectHQ/fastmcp/security/advisories/GHSA-rww4-4w9c-7733
github.com/advisories/GHSA-rww4-4w9c-7733
github.com/jlowin/fastmcp/security/advisories/GHSA-rww4-4w9c-7733
nvd.nist.gov/vuln/detail/CVE-2026-27124

Code Behaviors & Features

Detect and mitigate CVE-2026-27124 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →