CVE-2026-40100

MEDIUM

FastGPT has Unauthenticated SSRF in /api/core/app/mcpTools/runTool via missing CHECK_INTERNAL_IP default

Title source: cna

Description

FastGPT is an AI Agent building platform. Prior to 4.14.10.3, the /api/core/app/mcpTools/runTool endpoint accepts arbitrary URLs without authentication. The internal IP check in isInternalAddress() only blocks private IPs when CHECK_INTERNAL_IP=true, which is not the default. This allows unauthenticated attackers to perform SSRF against internal network resources. This vulnerability is fixed in 4.14.10.3.

References (1)

[X_Refsource_Confirm] https://github.com/labring/FastGPT/security/advisories/GHSA-jrhc-f3j7-f8g4

Scores

CVSS v3 5.3

EPSS 0.0007

EPSS Percentile 21.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-918

Status published

Products (2)

fastgpt/fastgpt < 4.14.10.3

labring/FastGPT < 4.14.10.3

Published Apr 10, 2026

Tracked Since Apr 10, 2026