Foodlook

**Name of the Vulnerable Software and Affected Versions** FastGPT versions prior to 4.14.12 **Description** The `isInternalAddress()` function in `packages/service/common/system/utils.ts` is susceptible to DNS rebinding, a Time-of-Check to Time-of-Use (TOCTOU) issue. The function validates a hostname by resolving it via `dns.resolve4()` or `dns.resolve6()` to ensure the IP is not within a private range. However, because the subsequent HTTP request triggers a separate DNS resolution, an attacker can change the DNS record between the validation step and the actual fetch, potentially bypassing internal network restrictions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FastGPT versions prior to 4.14.11 **Description** The `isInternalAddress()` function in `packages/service/common/system/utils.ts` fails to properly block cloud metadata endpoints. The function uses a `fullUrl.startsWith()` check against a hardcoded list that can be bypassed using various URL encoding techniques. Furthermore, the private IP checks (`isInternalIPv4` and `isInternalIPv6`) are disabled by default because the `CHECK INTERNAL IP` variable defaults to `false`, allowing bypassed requests to reach metadata endpoints without additional validation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.4.22 **Description** A server-side request forgery (SSRF) issue exists in the Zalo plugin. The `sendPhoto()` function fails to validate outbound photo URLs through the SSRF guard. This allows attackers to bypass protection by providing malicious photo URLs to the Zalo Bot API, potentially enabling unauthorized access to internal resources. **Recommendations** Update to version 2026.4.22 or later. As a temporary workaround, restrict access to the `sendPhoto()` function within the Zalo plugin.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.4.20 **Description** OpenClaw fails to properly reserve the `OPENCLAW ` runtime-control environment namespace in workspace dotenv files. This allows attackers to override critical runtime variables. For instance, malicious workspaces can set variables such as `OPENCLAW GIT DIR` to manipulate trusted runtime behavior during installer flows or source-update processes. **Recommendations** Update to version 2026.4.20.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.4.20 **Description** An issue in QQBot direct media upload allows for server-side request forgery (SSRF), a flaw where a server is tricked into making requests to an unintended location. This occurs because URL validation is skipped. Attackers can bypass protections by sending crafted image URLs to the 'uploadC2CMedia' and 'uploadGroupMedia' endpoints to relay unauthorized requests. **Recommendations** Update to version 2026.4.20. As a temporary workaround, restrict access to the 'uploadC2CMedia' and 'uploadGroupMedia' endpoints to minimize the risk of exploitation.