R0idamcp

r0idamcp is a SSE protocal MCP server IDA pro plugin designed for automatic reverse engineering with LLM assistant

StaleNot tested

AI / ML

★ 77PyPI GitHub

44No CVEsstaleMIT

Quick Install

{
  "mcpServers": {
    "r0idamcp": {
      "url": "http://192.168.1.2:26868/sse",
      "type": "sse"
    }
  }
}

Setup guide

Should you use this server?

r0idamcp is a SSE protocal MCP server IDA pro plugin designed for automatic reverse engineering with LLM assistant

✓

Is it safe?

No known CVEs for fastmcp. 8 previously resolved.

No authentication — any process on your machine can connect.

MIT. View license →

Is it maintained?

Last commit 324 days ago. 77 stars.

Will it work with my client?

Transport: sse, http. Compatibility not confirmed.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx fastmcp 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Score Breakdown

MCPpedia Score

Click each category to see evidence

44C

Last scored just now

How we score →

Security

23/30

No open vulnerabilities. 8 fixed CVEs.

✓

Known CVEs — No known CVEs for fastmcpcheck OSV.dev

○

Tool safety — No tools to analyze

○

Tool poisoning — No tools to analyze

○

Injection vectors — No tools to analyze

✓

Tool stability — Tool definitions stable

○

Dependency health — found on deps.dev, recently updated

✓

License — License: MIT

○

Authentication — No authentication required

○

Repository — active repo

Advisories (0 open, 8 fixed)

mediumCVSS 4CVE-2026-32871Fixed

FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability

## Technical Description The `OpenAPIProvider` in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The `RequestDirector` class is responsible for constructing HTTP requests to the backend service. A critical vulnerability exists in the `_build_url()` method. When an OpenAPI operation defines path parameters (e.g., `/api/v1/users/{user_id}`), the system directly substitutes parameter values into the URL template string **without URL-encoding**. Subsequently, `urll

Affected: >= 0Fixed in 3.2.0Published Mar 31, 2026source \u2192

infoCVE-2026-27124Fixed

FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities

## Summary While testing the *GitHubProvider* OAuth integration, which allows authentication to a FastMCP MCP server via a FastMCP OAuthProxy using GitHub OAuth, it was discovered that the FastMCP OAuthProxy does not properly validate the user's consent upon receiving the authorization code from GitHub. In combination with GitHub’s behavior of skipping the consent page for previously authorized clients, this introduces a Confused Deputy vulnerability. ## Technical Details An adversary can initi

Affected: >= 0Fixed in 3.2.0Published Mar 31, 2026source \u2192

CVEs checked daily via OSV.dev. Score algorithm is open source.

lowCVSS 3.1CVE-2025-64340Fixed

FastMCP has a Command Injection vulnerability - Gemini CLI

Server names containing shell metacharacters (e.g., `&`) can cause command injection on Windows when passed to `fastmcp install claude-code` or `fastmcp install gemini-cli`. These install paths use `subprocess.run()` with a list argument, but on Windows the target CLIs often resolve to `.cmd` wrappers that are executed through `cmd.exe`, which interprets metacharacters in the flattened command string. PoC: ```python from fastmcp import FastMCP mcp = FastMCP(name="test&calc") @mcp.tool def rol

Affected: >= 0Fixed in 3.2.0Published Mar 31, 2026source \u2192

mediumCVSS 4CVE-2025-69196Fixed

FastMCP OAuth Proxy token reuse across MCP servers

While testing the OAuth Proxy implementation, it was noticed that the server does not properly respect the `resource` parameter submitted by the client in the authorization and token request. Instead of issuing the token explicitly for this MCP server, the token is issued for the `base_url` passed to the `OAuthProxy` during initialization. **Affected File:** *https://github.com/jlowin/fastmcp/blob/main/src/fastmcp/server/auth/oauth_proxy.py#L828* **Affected Code:** ```python self._jwt_issuer:

Affected: >= 0Fixed in 2.14.2Published Mar 16, 2026source \u2192

infoGHSA-rcfx-77hg-w2wvFixed

FastMCP updated to MCP 1.23+ due to CVE-2025-66416

There was a recent CVE report on MCP: https://nvd.nist.gov/vuln/detail/CVE-2025-66416. FastMCP does not use any of the affected components of the MCP SDK directly. However, FastMCP versions prior to 2.14.0 did allow MCP SDK versions <1.23 that were vulnerable to CVE-2025-66416. Users should upgrade to FastMCP 2.14.0 or later.

Affected: >= 0Fixed in 2.14.0Published Dec 26, 2025source \u2192

mediumCVSS 4CVE-2025-62801Fixed

FastMCP vulnerable to windows command injection in FastMCP Cursor installer via server_name

### Summary A command-injection vulnerability lets any attacker who can influence the server_name field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor ### Details 1. generate_cursor_deeplink(server_name, …) embeds server_name verbatim in a cursor://…?name= query string. 2. open_deeplink() is invoked with shell=True only on Windows. That calls cmd.exe /c start <deeplink>. 3. Any cmd metacharacter inside server_name (&, |, >, ^, …) escapes the start comma

Affected: >= 0Fixed in 2.13.0Published Oct 29, 2025source \u2192

mediumCVSS 4CVE-2025-62800Fixed

FastMCP vulnerable to reflected XSS in client's callback page

### Summary While setting up an oauth client, it was noticed that the callback page hosted by the client during the flow embeds user-controlled content without escaping or sanitizing it. This leads to a reflected Cross-Site-Scripting vulnerability. ### Details The affected code is located in *https://github.com/jlowin/fastmcp/blob/main/src/fastmcp/client/oauth_callback.py*, which embeds all values passed to the `create_callback_html` function via the `message` parameter it into the callback pag

Affected: >= 0Fixed in 2.13.0Published Oct 29, 2025source \u2192

mediumCVSS 4GHSA-c2jp-c369-7pvxFixed

FastMCP Auth Integration Allows for Confused Deputy Account Takeover

### Summary FastMCP documentation [covers the scenario](https://gofastmcp.com/integrations/azure) where it is possible to use Entra ID or other providers for authentication. In this context, because Entra ID does not support Dynamic Client Registration (DCR), the FastMCP-hosted MCP server is acting as the authorization provider, as declared in the Protected Resource Metadata (PRM) document hosted on the server. For example, on a local MCP server, it may be hosted here: ```http http://localhos

Affected: >= 0Fixed in 2.13.0Published Oct 29, 2025source \u2192

R0idamcp

Quick Install

Should you use this server?

Test This Server

Help improve this page

Score Breakdown

MCPpedia Score

Security

Advisories (0 open, 8 fixed)

Reviews

Discussion