Publish GHSA-m8x7-r2rg-vh5g

Author: advisory-database[bot]

advisories/github-reviewed/2026/03/GHSA-m8x7-r2rg-vh5g/GHSA-m8x7-r2rg-vh5g.json

@@ -0,0 +1,65 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-m8x7-r2rg-vh5g",
+  "modified": "2026-03-31T22:24:15Z",
+  "published": "2026-03-31T22:24:15Z",
+  "aliases": [
+    "CVE-2025-64340"
+  ],
+  "summary": "FastMCP has a Command Injection vulnerability - Gemini CLI",
+  "details": "Server names containing shell metacharacters (e.g., `&`) can cause command injection on Windows when passed to `fastmcp install claude-code` or `fastmcp install gemini-cli`. These install paths use `subprocess.run()` with a list argument, but on Windows the target CLIs often resolve to `.cmd` wrappers that are executed through `cmd.exe`, which interprets metacharacters in the flattened command string.\n\nPoC:\n```python\nfrom fastmcp import FastMCP\n\nmcp = FastMCP(name=\"test&calc\")\n\n@mcp.tool\ndef roll_dice(n_dice: int) -> list[int]:\n    \"\"\"Roll `n_dice` 6-sided dice and return the results.\"\"\"\n    return [random.randint(1, 6) for _ in range(n_dice)]\n```\n\n```\nfastmcp install claude-code server.py   # or: fastmcp install gemini-cli server.py\n```\n\nOn Windows, this opens Calculator via the `&calc` in the server name.\n\nImpact:\nArbitrary command execution with the privileges of the user running `fastmcp install`. Affects Windows hosts where the target CLI (one of claude, gemini) is installed as a `.cmd` wrapper. Does not affect macOS/Linux, and does not affect config-file-based install targets (cursor, goose, mcp-json).\n\nPatched in #3522 by validating server names to reject shell metacharacters.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "fastmcp"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "3.2.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/PrefectHQ/fastmcp/security/advisories/GHSA-m8x7-r2rg-vh5g"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jlowin/fastmcp/security/advisories/GHSA-m8x7-r2rg-vh5g"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/PrefectHQ/fastmcp/pull/3522"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/PrefectHQ/fastmcp"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-78"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-31T22:24:15Z",
+    "nvd_published_at": null
+  }
+}