Description
FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint (/api/core/app/httpTools/runTool) is exposed without any authentication. This endpoint acts as a full HTTP proxy — it accepts a user-supplied baseUrl, toolPath, HTTP method, custom headers, and body, then makes a server-side HTTP request and returns the complete response to the caller. This issue has been patched in version 4.14.9.5.
Published: 2026-03-31
Score: 10 Critical
EPSS: n/a
KEV: No
Impact: Server-Side Request Forgery leading to credential theft
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is caused by an unauthenticated HTTP endpoint that operates as a full proxy. By sending crafted requests, an attacker can have the server retrieve any internal URL and return the response, allowing theft of sensitive data such as internal API keys. This represents a severe loss of confidentiality and, if the key is used in other systems, could also affect integrity.

Affected Systems

The affected system is FastGPT by labring. Versions prior to 4.14.9.5 are vulnerable; the issue is fixed in release v4.14.9.5.

Risk and Exploitability

The flaw scores a CVSS of 10, classifying it as critical. EPSS data is unavailable and it is not listed in the CISA KEV catalog. Exploitation is straightforward: the attacker only needs to send a request to the unprotected endpoint; no authentication or privileged access is required. The SSRF capability allows direct access to internal services and enables the attacker to steal credentials or other secrets.

Generated by OpenCVE AI on March 31, 2026 at 15:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to FastGPT 4.14.9.5 or later.
  • If upgrading immediately is not possible, block or secure the /api/core/app/httpTools/runTool endpoint with authentication or firewall rules.
  • Monitor access logs for suspicious activity on that endpoint.
  • Restrict outbound traffic from the FastGPT instance to limit potential SSRF exploitation.
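Two of the actions above, monitoring the endpoint in access logs and restricting where the server is allowed to connect, can be expressed as small checks. The following is an added example, not FastGPT project code: it parses constructed access-log lines in an assumed nginx/Apache combined format and counts hits on the runTool path per client, and it provides an egress guard that rejects user-supplied baseUrl values pointing at loopback, private, link-local or otherwise non-global addresses, or, when an allowlist is supplied, at any host not on it. Function names and the allowlist parameter are this example's own.

```python
"""
Added example (not FastGPT's own code): defensive checks matching the
recommended actions for the unauthenticated runTool proxy endpoint.

1. scan_access_log(): count requests per client to the
   /api/core/app/httpTools/runTool endpoint in web-server access logs.
2. is_safe_target(): egress guard for a user-supplied baseUrl that
   refuses non-http(s) schemes and non-global IP destinations, or
   enforces a host allowlist when one is given.

The log lines are constructed for the example; the log format is an
assumed nginx/Apache combined format.
"""
import ipaddress
import re
from urllib.parse import urlsplit

RUNTOOL_PATH = "/api/core/app/httpTools/runTool"

# Combined log format: client ip, identd, user, [timestamp], "METHOD path PROTO", status, bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample log (addresses from documentation ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [31/Mar/2026:15:20:01 +0000] "POST /api/core/app/httpTools/runTool HTTP/1.1" 200 1843
198.51.100.23 - - [31/Mar/2026:15:20:05 +0000] "GET /api/core/app/list HTTP/1.1" 200 512
203.0.113.7 - - [31/Mar/2026:15:20:09 +0000] "POST /api/core/app/httpTools/runTool HTTP/1.1" 200 96
192.0.2.55 - - [31/Mar/2026:15:21:30 +0000] "POST /api/core/app/httpTools/runTool?x=1 HTTP/1.1" 500 -
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def scan_access_log(text):
    """Return {client_ip: hit_count} for requests to the runTool endpoint.

    The query string is stripped before comparison so that variants such as
    '/runTool?x=1' are still counted.
    """
    hits = {}
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]
        if path == RUNTOOL_PATH:
            hits[rec["ip"]] = hits.get(rec["ip"], 0) + 1
    return hits


def is_safe_target(base_url, allowed_hosts=None):
    """Egress guard for a user-supplied baseUrl.

    Rejects non-http(s) schemes, 'localhost', and literal IPs that are
    private, loopback, link-local, reserved, multicast or unspecified.
    When allowed_hosts is given (the stronger posture), only those hosts pass.
    Hostnames are not resolved here; the assumption is that the caller pins
    the resolved address and re-checks it, which also defuses DNS rebinding.
    """
    parts = urlsplit(base_url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    host = parts.hostname  # already lowercased by urlsplit
    if allowed_hosts is not None:
        return host in allowed_hosts
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # A DNS name: only the obvious local alias is rejected at this stage.
        return host != "localhost"
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


if __name__ == "__main__":
    for client, count in scan_access_log(SAMPLE_LOG).items():
        print(f"{client}: {count} runTool request(s)")
    for url in ("https://api.example.com/v1", "http://127.0.0.1:3000/", "http://10.0.0.5/"):
        print(f"{url}: {'allowed' if is_safe_target(url) else 'blocked'}")
```

In practice the allowlist form is preferable to the range-based check: an SSRF proxy that may reach any global address still reaches every public service the instance's network position grants it, whereas an allowlist limits the proxy to the integrations the deployment actually needs.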

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Labring
                                      Labring fastgpt
Vendors & Products                    Labring
                                      Labring fastgpt

Tue, 31 Mar 2026 15:15:00 +0000

Type      Values Removed   Values Added
Metrics                    ssvc
                           {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 31 Mar 2026 14:30:00 +0000

Type          Values Removed   Values Added
Description                    FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint (/api/core/app/httpTools/runTool) is exposed without any authentication. This endpoint acts as a full HTTP proxy: it accepts a user-supplied baseUrl, toolPath, HTTP method, custom headers, and body, then makes a server-side HTTP request and returns the complete response to the caller. This issue has been patched in version 4.14.9.5.
Title                          FastGPT: Unauthenticated SSRF via httpTools Endpoint Leads to Internal API Key Theft
Weaknesses                     CWE-306
                               CWE-918
References
Metrics                        cvssV3_1
                               {'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-31T14:33:31.305Z

Reserved: 2026-03-25T20:12:04.197Z

Link: CVE-2026-34162

Vulnrichment

Updated: 2026-03-31T14:33:20.827Z

NVD

Status: Received

Published: 2026-03-31T15:16:16.960

Modified: 2026-03-31T15:16:16.960

Link: CVE-2026-34162

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:38:36Z

Weaknesses