Platform: nodejs
Component: fastgpt
Fixed in: 4.14.10
CVE-2026-34162 describes a critical Server-Side Request Forgery (SSRF) vulnerability affecting FastGPT, an AI Agent building platform. This vulnerability allows attackers to leverage the platform as a proxy to make unauthorized HTTP requests, potentially exposing sensitive internal data or services. The vulnerability impacts versions of FastGPT prior to 4.14.9.5, and a patch has been released in version 4.14.9.5.
The exposed /api/core/app/httpTools/runTool endpoint in FastGPT allows attackers to specify a baseUrl, toolPath, HTTP method, custom headers, and a request body. Because this endpoint functions as a full HTTP proxy without authentication, an attacker can craft malicious requests to target internal services that are not directly accessible from the outside. This could include accessing internal APIs, databases, or other sensitive resources. Successful exploitation could lead to data breaches, unauthorized access to internal systems, and potentially even remote code execution if the targeted internal service is vulnerable. The lack of authentication significantly broadens the attack surface.
This vulnerability was publicly disclosed on 2026-03-31. While no public proof-of-concept (PoC) has been released at the time of writing, the SSRF nature of the vulnerability and the lack of authentication make it highly likely that a PoC will emerge. The CVSS score of 10 (CRITICAL) indicates a high probability of exploitation. It is not currently listed on CISA KEV, but given the severity, it may be added in the future.
Exploit Status
EPSS: 0.15% (36th percentile)
The primary mitigation for CVE-2026-34162 is to immediately upgrade FastGPT to version 4.14.9.5 or later. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) or reverse proxy to filter incoming requests to the /api/core/app/httpTools/runTool endpoint. Configure the WAF to block requests with suspicious baseUrl values or those originating from untrusted sources. Additionally, restrict network access to the FastGPT server to only allow necessary connections, limiting the potential blast radius of a successful SSRF attack. After upgrading, confirm the fix by attempting to access an internal resource through the HTTP tools testing endpoint; the request should be denied.
Update FastGPT to version 4.14.9.5 or higher. This version fixes the unauthenticated SSRF vulnerability in the /api/core/app/httpTools/runTool endpoint, which allowed for the theft of internal API keys.
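As an added illustration of the mitigation described above (example code, not FastGPT's own), a Node.js egress check that a tool-runner endpoint could apply to a caller-supplied baseUrl before issuing the outbound request. It assumes hostname-level filtering only: the address obtained after DNS resolution must be re-checked, and the endpoint itself still requires authentication.

```javascript
// Added example, not FastGPT code: deny-list check for a user-supplied baseUrl
// before a server-side HTTP tool fetches it. Hostname-based only; re-check the
// resolved address after DNS lookup and keep the endpoint authenticated.

// IPv4 ranges a server-side tool runner should never be asked to reach.
const BLOCKED_V4 = [
  ["10.0.0.0", 8], ["172.16.0.0", 12], ["192.168.0.0", 16], // RFC 1918
  ["127.0.0.0", 8],                                         // loopback
  ["169.254.0.0", 16],                                      // link-local, cloud metadata
  ["0.0.0.0", 8], ["100.64.0.0", 10],                       // "this" net, RFC 6598 shared
];

function v4ToInt(ip) {
  return ip.split(".").reduce((acc, o) => (acc << 8) + Number(o), 0) >>> 0;
}

function inCidr(ip, [base, bits]) {
  const mask = bits === 0 ? 0 : (~0 << (32 - bits)) >>> 0;
  return (v4ToInt(ip) & mask) === (v4ToInt(base) & mask);
}

// `host` is the hostname as canonicalised by the WHATWG URL parser, which
// already rewrites decimal/hex IPv4 forms (e.g. 2130706433) to dotted quads.
function isBlockedAddress(host) {
  if (/^\d+\.\d+\.\d+\.\d+$/.test(host)) {
    return BLOCKED_V4.some((range) => inCidr(host, range));
  }
  if (host.includes(":")) {
    // IPv6: loopback, unspecified, unique-local fc00::/7, link-local fe80::/10, v4-mapped
    const h = host.toLowerCase();
    return h === "::1" || h === "::" || /^f[cd]/.test(h) ||
      /^fe[89ab]/.test(h) || h.startsWith("::ffff:");
  }
  return host === "localhost" || host.endsWith(".localhost") || host.endsWith(".internal");
}

// Returns null when the URL may be fetched, otherwise the reason it is refused.
function checkBaseUrl(raw) {
  let url;
  try { url = new URL(raw); } catch { return "unparseable URL"; }
  if (url.protocol !== "http:" && url.protocol !== "https:") return "scheme not allowed";
  if (url.username || url.password) return "credentials in URL not allowed";
  // URL.hostname keeps IPv6 literals in brackets; strip them before inspection.
  const host = url.hostname.replace(/^\[|\]$/g, "");
  if (isBlockedAddress(host)) return "destination is internal";
  return null;
}
```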
CVE-2026-34162 is a critical SSRF vulnerability in FastGPT versions prior to 4.14.9.5, allowing attackers to make unauthorized HTTP requests through the platform.
You are affected if you are running FastGPT version 4.14.9.5 or earlier. Immediately assess your deployment and upgrade.
Upgrade FastGPT to version 4.14.9.5 or later. As a temporary workaround, implement a WAF to filter requests to the vulnerable endpoint.
While no active exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest it is likely to be targeted.
Refer to the FastGPT project's official website or GitHub repository for the latest security advisories and release notes.