Impact
FastGPT versions up to and including 4.14.11 contain a time-of-check to time-of-use (TOCTOU) race condition in the isInternalAddress() function. The function performs a DNS lookup to check whether the target address resolves to a private range, but the HTTP request that follows resolves the hostname again with a fresh DNS lookup. An attacker who controls the DNS record can change its answer between the validation and the request, causing the server to send traffic to an internal IP of the attacker's choosing, which amounts to server-side request forgery (SSRF). This flaw is a classic example of CWE-367 (Time-of-Check/Time-of-Use). The primary impact is that an unauthenticated external actor can make the FastGPT instance reach internal hosts, potentially exfiltrating data or pivoting to other attacks. The vulnerability is neither a privilege escalation nor an arbitrary code execution bug, but it allows internal network enumeration and service discovery.
Affected Systems
The affected vendor is Labring, product FastGPT. All releases up to and including version 4.14.11 are impacted. No patched release had been published at the time of disclosure; the only available mitigation is to restrict access to the instance and apply the vendor patch when it becomes available.
Risk and Exploitability
The CVSS score of 6.3 indicates a moderate severity. EPSS data is not available, so the current exploitation probability is unknown. The issue is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is an external attacker controlling a DNS record so that the second lookup resolves to an internal address, turning the outbound request into a network-level SSRF. Because no patch has been released publicly, administrators must apply network-level mitigations (egress filtering from the FastGPT host) or add their own request validation until a vendor update is available.
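The following is an added example, not FastGPT's own code, that illustrates both the TOCTOU described under Impact and the "build in request validation" mitigation above. It shows the check-then-re-resolve shape beside a pinned-resolution fix in which the hostname is resolved exactly once, the resulting address is validated, and the connection is made to that validated IP. The DNS resolver and the outbound request are injected stand-ins (`makeRebindingResolver`, `recordingConnect`) so the example runs offline; in a real service they would wrap `dns.lookup` and the HTTP client. Hostnames and addresses are constructed sample values.

```javascript
// Added example, not FastGPT's code: DNS-rebinding TOCTOU (CWE-367) in an
// SSRF guard, beside a pinned-resolution fix. Resolver and connect step are
// injected so this runs offline.

const IPV4 = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;

// True for loopback, RFC 1918, link-local (incl. 169.254.169.254 metadata),
// unspecified and IPv6 ULA/link-local literals; unparseable input fails closed.
function isPrivateIp(ip) {
  const v = String(ip).toLowerCase();
  if (v.startsWith("::ffff:")) return isPrivateIp(v.slice(7)); // IPv4-mapped IPv6
  const m = IPV4.exec(v);
  if (m) {
    const [a, b] = m.slice(1, 3).map(Number);
    return a === 0 || a === 10 || a === 127 || (a === 169 && b === 254) ||
      (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
  }
  if (v.includes(":")) {
    return v === "::" || v === "::1" || /^f[cd]/.test(v) || v.startsWith("fe80");
  }
  return true; // not an address literal: never connect to it unvalidated
}

// Constructed stand-in for an attacker-controlled DNS record: returns
// answers[i] on the i-th lookup, so the answer "flips" after validation.
function makeRebindingResolver(answers) {
  let calls = 0;
  return (_hostname) => answers[Math.min(calls++, answers.length - 1)];
}

// Constructed stand-in for the outbound HTTP request: records where traffic went.
function recordingConnect(ip, hostHeader) {
  return { connectedTo: ip, host: hostHeader };
}

// Vulnerable shape: the guard resolves once to check, then the HTTP client
// resolves the same hostname again to connect.
function fetchVulnerable(hostname, resolve, connect) {
  const checked = resolve(hostname);                        // time of check
  if (isPrivateIp(checked)) throw new Error("blocked: private address");
  const actual = resolve(hostname);                         // time of use
  return connect(actual, hostname);
}

// Hardened shape: resolve exactly once, validate that address, and connect to
// the validated IP literal while keeping the hostname for the Host header.
function fetchPinned(hostname, resolve, connect) {
  const ip = resolve(hostname);
  if (isPrivateIp(ip)) throw new Error("blocked: private address");
  return connect(ip, hostname);                             // pinned to checked IP
}

// Run the same rebinding record through both flows:
// lookup 1 answers a public address, lookup 2 answers an internal one.
function demo() {
  const record = ["203.0.113.10", "10.0.0.5"]; // constructed sample answers
  const vuln = fetchVulnerable("attacker.example", makeRebindingResolver(record), recordingConnect);
  const safe = fetchPinned("attacker.example", makeRebindingResolver(record), recordingConnect);
  return { vuln, safe }; // vuln reaches 10.0.0.5; safe stays on 203.0.113.10
}
```

In production code the same rule has to hold for every A/AAAA answer returned (validate all of them and connect only to one that passed), for each redirect hop (a 3xx to a new hostname is a new check-and-pin cycle), and for the HTTP client itself, which must be given the validated IP rather than the hostname so it cannot perform a lookup of its own.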
OpenCVE Enrichment