PT-2026-29263 · Fastgpt · Fastgpt

August829 · Published 2026-03-31 · Updated 2026-03-31 · CVE-2026-34163

CVSS v3.1: 7.7 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: FastGPT versions prior to 4.14.9.5
Description: FastGPT is an AI Agent building platform. The MCP (Model Context Protocol) tools endpoints /api/core/app/mcpTools/getTools and /api/core/app/mcpTools/runTool accept a user-supplied URL parameter and make server-side HTTP requests to it without validating whether the URL points to an internal or private network address. The application has a dedicated isInternalAddress() function for SSRF protection, but this function is not called by the MCP tools endpoints. An authenticated attacker can use these endpoints to scan internal networks, access cloud metadata services, and interact with internal services such as MongoDB and Redis. The vulnerable parameters are the URL parameters used in the /api/core/app/mcpTools/getTools and /api/core/app/mcpTools/runTool API endpoints.
Recommendations: Versions prior to 4.14.9.5 should be updated to version 4.14.9.5 or later.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2026-34163
GHSA-X9VJ-5M4J-9MFV

Affected Products

Fastgpt