PT-2026-39209 · Fastgpt · Fastgpt
Hinotoi-Agent
Published 2026-05-08 · Updated 2026-06-08
CVE-2026-44284
CVSS v3.1: 6.3 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
FastGPT versions prior to 4.14.17
Description
Server-Side Request Forgery (SSRF) protection for Model Context Protocol (MCP) tool URLs is applied inconsistently. The direct preview and run endpoints reject internal or private-network URLs, but the endpoints used to create or update MCP tools accept and store internal MCP server URLs. When a workflow executes, the runner connects to the stored URL without validating the destination again. An authenticated user with permission to manage MCP toolsets can therefore store an internal endpoint such as http://localhost:3000/mcp and cause the backend workflow runner to connect to it. The underlying weakness is a destination check enforced only on some input paths rather than at the point where the URL is dereferenced: any path that writes the stored record bypasses it.
Recommendations
Update to version 4.14.17.
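The robust pattern behind the fix is to validate the destination where the connection is actually opened, not only where the URL is submitted. The following TypeScript is an added example written for this page; it is not FastGPT code and does not reproduce the project's fix. The names `McpTool`, `storeMcpTool`, `runMcpTool`, `tools` and the `fakeDns` lookup table are hypothetical, and `fakeDns` is a constructed stand-in for a real DNS lookup so the example runs offline. It rejects loopback, private, link-local and metadata ranges for IPv4 and IPv6, relies on WHATWG URL parsing to normalise obfuscated literals, checks every address a name resolves to, and shows the same check applied both when a tool is stored and again when the workflow runner is about to use it.

```typescript
import { isIP } from "node:net";

// Hypothetical names for this example: an MCP tool record, a DNS-lookup stand-in, a tool store.
export type McpTool = { name: string; url: string };
export type Resolver = (hostname: string) => string[];
export class SsrfError extends Error {}

// Address ranges a server-side fetcher must never reach.
function isForbiddenIPv4(ip: string): boolean {
  const [a = 0, b = 0] = ip.split(".").map(Number);
  return (
    a === 0 ||                              // 0.0.0.0/8 ("this" host; reaches loopback on Linux)
    a === 10 ||                             // 10.0.0.0/8
    a === 127 ||                            // loopback
    (a === 100 && b >= 64 && b <= 127) ||   // 100.64.0.0/10 carrier-grade NAT
    (a === 169 && b === 254) ||             // link-local, including cloud metadata 169.254.169.254
    (a === 172 && b >= 16 && b <= 31) ||    // 172.16.0.0/12
    (a === 192 && b === 168) ||             // 192.168.0.0/16
    a >= 224                                // multicast and reserved
  );
}

// Expand the compressed form the WHATWG URL parser emits (e.g. "::ffff:7f00:1") into 8 hextets.
function expandIPv6(ip: string): number[] | null {
  const halves = ip.split("::");
  if (halves.length > 2) return null;
  const head = halves[0] ? halves[0].split(":") : [];
  const tail = halves.length === 2 && halves[1] ? halves[1].split(":") : [];
  const fill = halves.length === 2 ? 8 - head.length - tail.length : 0;
  if (head.length + tail.length + fill !== 8 || (halves.length === 2 && fill < 1)) return null;
  return [...head, ...Array<string>(fill).fill("0"), ...tail].map((x) => parseInt(x, 16));
}

function isForbiddenIPv6(ip: string): boolean {
  const h = expandIPv6(ip);
  if (!h) return true;                                            // unparsable: fail closed
  const [p0 = 0, , , , , p5 = 0, p6 = 0, p7 = 0] = h;
  const zeroPrefix = h.slice(0, 5).every((x) => x === 0);
  if (zeroPrefix && p5 === 0xffff) {                              // ::ffff:a.b.c.d, IPv4-mapped
    return isForbiddenIPv4(`${p6 >> 8}.${p6 & 0xff}.${p7 >> 8}.${p7 & 0xff}`);
  }
  if (zeroPrefix && p5 === 0 && p6 === 0 && p7 <= 1) return true; // :: (unspecified) and ::1
  if ((p0 & 0xfe00) === 0xfc00) return true;                      // fc00::/7 unique local
  if ((p0 & 0xffc0) === 0xfe80) return true;                      // fe80::/10 link-local
  return false;
}

export function isForbiddenAddress(ip: string): boolean {
  const v = isIP(ip);
  return v === 4 ? isForbiddenIPv4(ip) : v === 6 ? isForbiddenIPv6(ip) : true;
}

// Validate a destination at the moment it is about to be dereferenced. `resolve` stands in for
// dns.lookup(host, { all: true }); every returned address must be acceptable, and a real client
// should then connect to the checked address rather than re-resolve the name (DNS rebinding).
export function assertSafeDestination(raw: string, resolve: Resolver): URL {
  let url: URL;
  try {
    url = new URL(raw);
  } catch {
    throw new SsrfError(`unparsable URL: ${raw}`);
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    throw new SsrfError(`scheme not allowed: ${url.protocol}`);
  }
  // WHATWG parsing has already normalised 0x7f.0.0.1, 2130706433 and 127.1 to 127.0.0.1 and
  // [::ffff:127.0.0.1] to [::ffff:7f00:1]; strip the IPv6 brackets before checking.
  const host = url.hostname.replace(/^\[|\]$/g, "");
  if (host === "localhost" || host.endsWith(".localhost")) throw new SsrfError(`forbidden host: ${host}`);
  const addrs = isIP(host) ? [host] : resolve(host);
  if (addrs.length === 0) throw new SsrfError(`unresolvable host: ${host}`);
  for (const a of addrs) {
    if (isForbiddenAddress(a)) throw new SsrfError(`${host} resolves to forbidden address ${a}`);
  }
  return url;
}

// Constructed lookup table standing in for DNS (not real records).
export const fakeDns: Resolver = (h) =>
  ({
    "mcp.example.com": ["203.0.113.10"],
    "rebind.example.com": ["203.0.113.10", "10.0.0.5"], // one public and one internal record
    "meta.example.com": ["169.254.169.254"],
  } as Record<string, string[]>)[h] ?? [];

export const tools = new Map<string, McpTool>();

// Create/update path: check on input so bad records are never stored...
export function storeMcpTool(tool: McpTool, resolve: Resolver = fakeDns): void {
  assertSafeDestination(tool.url, resolve);
  tools.set(tool.name, tool);
}

// ...and the workflow runner checks again on use, so a record that reached the store through a
// path without the input check (the gap this advisory describes) still cannot be dereferenced.
export function runMcpTool(name: string, resolve: Resolver = fakeDns): string {
  const tool = tools.get(name);
  if (!tool) throw new Error(`unknown tool: ${name}`);
  const url = assertSafeDestination(tool.url, resolve);
  return url.host; // a real runner would open the MCP transport to this host here
}

// Helpers for exercising the checks: true when the destination is rejected as SSRF.
export function isRejected(raw: string, resolve: Resolver = fakeDns): boolean {
  try { assertSafeDestination(raw, resolve); return false; }
  catch (e) { if (e instanceof SsrfError) return true; throw e; }
}
export function runIsRejected(name: string): boolean {
  try { runMcpTool(name); return false; }
  catch (e) { if (e instanceof SsrfError) return true; throw e; }
}
```

Two design points worth keeping even if the range list is tuned: the check fails closed on anything it cannot parse, and it is a function the runner calls on the stored value, so it does not matter which endpoint, migration or legacy record wrote the URL.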
Exploit
Fix
SSRF
Affected Products
Fastgpt