Auth headers leak from MCP transport to downstream OpenAPI APIs

8/10 High

Authentication headers from the MCP transport layer were being improperly forwarded to downstream OpenAPI APIs, creating security and information disclosure risks.

Category: security
Workaround: none
Stage: deploy
Freshness: declining
Scope: single_lib
Upstream: open
Recurring: No
Buyer Type: team
Maintainer: active

Sources

Collection History

Query: “What are the most common pain points with FastMCP for developers in 2025?” (4/8/2026)

Auth headers from MCP transport no longer leak through to downstream OpenAPI APIs

Created: 4/8/2026
Updated: 4/8/2026