Description
FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint (/api/core/app/httpTools/runTool) is exposed without any authentication. This endpoint acts as a full HTTP proxy — it accepts a user-supplied baseUrl, toolPath, HTTP method, custom headers, and body, then makes a server-side HTTP request and returns the complete response to the caller. This issue has been patched in version 4.14.9.5.
Published: 2026-03-31
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Internal API Key Theft
Action: Immediate Patch
AI Analysis

Impact

FastGPT by labring exposes a full HTTP proxy through the /api/core/app/httpTools/runTool endpoint without authentication. Clients can provide a base URL, path, HTTP method, headers, and body, and the server will perform the request and return the response. This design flaw allows anyone who can reach the FastGPT instance to perform server‑side request forgery (SSRF) and potentially access internal services and sensitive data such as API keys. The vulnerability is a combination of a missing authentication requirement (CWE‑306) and an SSRF weakness (CWE‑918).

Affected Systems

All FastGPT releases from labring prior to version 4.14.9.5 are affected. Versions 4.14.9.5 and later include authentication checks that protect the proxy endpoint.

Risk and Exploitability

The CVSS base score of 10 indicates a critical severity, and the EPSS score of less than 1% suggests a low current likelihood of exploitation. However, the attack can be carried out trivially once network access to the exposed endpoint is available, as no credentials are required. The likely attack vector is an unauthenticated HTTP request to the protected endpoint, which then forwards the request to internal services. The vulnerability is not listed in the CISA KEV catalog, meaning publicly documented exploits are not yet known. Nonetheless, the combination of critical score, unauthenticated access, and potential to harvest internal credentials makes this high‑priority for any environment exposing FastGPT externally.

Generated by OpenCVE AI on April 2, 2026 at 05:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade FastGPT to version 4.14.9.5 or later where the HTTP tools endpoint is protected by authentication.
  • If an upgrade is delayed, block or restrict access to the /api/core/app/httpTools/runTool endpoint using firewall rules or reverse‑proxy authentication.
  • Ensure internal services are isolated behind a private network or tightly controlled gateway to prevent them from being reachable via the exposed proxy.
  • Enable logging and monitoring for the httpTools endpoint to detect suspicious internal service requests and facilitate forensic analysis.

Generated by OpenCVE AI on April 2, 2026 at 05:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
First Time appeared Fastgpt
Fastgpt fastgpt
CPEs cpe:2.3:a:fastgpt:fastgpt:*:*:*:*:*:*:*:*
Vendors & Products Fastgpt
Fastgpt fastgpt

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Labring
Labring fastgpt
Vendors & Products Labring
Labring fastgpt

Tue, 31 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 31 Mar 2026 14:30:00 +0000

Type Values Removed Values Added
Description FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint (/api/core/app/httpTools/runTool) is exposed without any authentication. This endpoint acts as a full HTTP proxy — it accepts a user-supplied baseUrl, toolPath, HTTP method, custom headers, and body, then makes a server-side HTTP request and returns the complete response to the caller. This issue has been patched in version 4.14.9.5.
Title FastGPT: Unauthenticated SSRF via httpTools Endpoint Leads to Internal API Key Theft
Weaknesses CWE-306
CWE-918
References
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L'}

Subscriptions

Fastgpt Fastgpt
Labring Fastgpt
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-31T14:33:31.305Z

Reserved: 2026-03-25T20:12:04.197Z

Link: CVE-2026-34162

cve-icon Vulnrichment

Updated: 2026-03-31T14:33:20.827Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-31T15:16:16.960

Modified: 2026-04-01T18:38:39.890

Link: CVE-2026-34162

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-02T07:53:18Z

Weaknesses