CVE-2026-34162
- EPSS 0.42%
- Published 31.03.2026 13:43:20
- Last modified 01.04.2026 18:38:39
- Source security-advisories@github.com
FastGPT: Unauthenticated SSRF via httpTools Endpoint Leads to Internal API Key Theft
FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint (/api/core/app/httpTools/runTool) is exposed without any authentication. This endpoint acts as a full HTTP proxy: it accepts a user-supplied baseUrl, toolPath, HTTP method, custom headers, and body, then makes a server-side HTTP request and returns the complete response to the caller. This issue has been patched in version 4.14.9.5.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.42% | 0.331 |
| Source | Base Score | Exploitability Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 3.9 | 5.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N |
| security-advisories@github.com | 10 | 3.9 | 6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L |
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
CWE-918 Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
https://github.com/labring/FastGPT/security/advisories/GHSA-w36r-f268-pwrj
https://github.com/labring/FastGPT/pull/6640
https://github.com/labring/FastGPT/commit/bc7eae2ed61481a5e322208829be291faec58c00
https://github.com/labring/FastGPT/releases/tag/v4.14.9.5