INCIDENT
FastAPI - Critical security vulnerability discovered: single charac...
Critical security vulnerability discovered: single character query bypasses authentication in FastAPI/vLLM/MCP stacks, exposing API keys and shell access.
Updated: 5/27/2026
Severity: critical
Status: active
Description
One character. A question mark. Three AI apps. 10 minutes.
FastAPI admin panel → 403 to 200
vLLM gateway → leaked API keys
MCP server → file read + shell access
Your AI stack probably has this hole. https://t.co/1MR0POyKFU
Impact
Critical security vulnerability discovered: single character query bypasses authentication in FastAPI/vLLM/MCP stacks, exposing API keys and shell access.
Attack Vectors
- MCP server