rootio-fastmcp: Unauthorized Access via Unvalidated User Input

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

rootio-fastmcp: Unauthorized Access via Unvalidated User Input

ROOT-APP-PYPI-GHSA-c2jp-c369-7pvx

Summary

A security patch has been released for rootio-fastmcp, a library used in some Root systems. If left unpatched, an attacker could potentially access unauthorized areas of the system by sending malicious input. Update to the latest version to ensure you have the fix.

What to do

Update rootio-fastmcp to version 2.12.4+root.io.2.
Update rootio-fastmcp to version 2.11.3+root.io.4.
Update rootio-fastmcp to version 2.12.4+root.io.4.

Affected software

Ecosystem	Vendor	Product	Affected versions
Root:PyPI	–	rootio-fastmcp	< 2.12.4+root.io.2 < 2.11.3+root.io.4 < 2.12.4+root.io.4 Fix: upgrade to 2.12.4+root.io.2

Original title

GHSA-c2jp-c369-7pvx in rootio-fastmcp - Patched by Root

Original description

Root has patched GHSA-c2jp-c369-7pvx in the rootio-fastmcp package for Root:PyPI. Multiple fixed versions available.

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 9 Apr 2026