{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34162", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-25T20:12:04.197Z", "datePublished": "2026-03-31T13:43:20.981Z", "dateUpdated": "2026-03-31T14:33:31.305Z"}, "containers": {"cna": {"title": "FastGPT: Unauthenticated SSRF via httpTools Endpoint Leads to Internal API Key Theft", "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "lang": "en", "description": "CWE-306: Missing Authentication for Critical Function", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/labring/FastGPT/security/advisories/GHSA-w36r-f268-pwrj", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/labring/FastGPT/security/advisories/GHSA-w36r-f268-pwrj"}, {"name": "https://github.com/labring/FastGPT/pull/6640", "tags": ["x_refsource_MISC"], "url": "https://github.com/labring/FastGPT/pull/6640"}, {"name": "https://github.com/labring/FastGPT/commit/bc7eae2ed61481a5e322208829be291faec58c00", "tags": ["x_refsource_MISC"], "url": "https://github.com/labring/FastGPT/commit/bc7eae2ed61481a5e322208829be291faec58c00"}, {"name": "https://github.com/labring/FastGPT/releases/tag/v4.14.9.5", "tags": ["x_refsource_MISC"], "url": "https://github.com/labring/FastGPT/releases/tag/v4.14.9.5"}], "affected": [{"vendor": "labring", "product": "FastGPT", "versions": [{"version": "< 4.14.9.5", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T13:43:20.981Z"}, "descriptions": [{"lang": "en", "value": "FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint (/api/core/app/httpTools/runTool) is exposed without any authentication. This endpoint acts as a full HTTP proxy \u2014 it accepts a user-supplied baseUrl, toolPath, HTTP method, custom headers, and body, then makes a server-side HTTP request and returns the complete response to the caller. This issue has been patched in version 4.14.9.5."}], "source": {"advisory": "GHSA-w36r-f268-pwrj", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/labring/FastGPT/security/advisories/GHSA-w36r-f268-pwrj", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T14:33:27.055617Z", "id": "CVE-2026-34162", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T14:33:31.305Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34162", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-31T14:33:27.055617Z"}}}], "references": [{"url": "https://github.com/labring/FastGPT/security/advisories/GHSA-w36r-f268-pwrj", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T14:33:20.827Z"}}], "cna": {"title": "FastGPT: Unauthenticated SSRF via httpTools Endpoint Leads to Internal API Key Theft", "source": {"advisory": "GHSA-w36r-f268-pwrj", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "labring", "product": "FastGPT", "versions": [{"status": "affected", "version": "< 4.14.9.5"}]}], "references": [{"url": "https://github.com/labring/FastGPT/security/advisories/GHSA-w36r-f268-pwrj", "name": "https://github.com/labring/FastGPT/security/advisories/GHSA-w36r-f268-pwrj", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/labring/FastGPT/pull/6640", "name": "https://github.com/labring/FastGPT/pull/6640", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/labring/FastGPT/commit/bc7eae2ed61481a5e322208829be291faec58c00", "name": "https://github.com/labring/FastGPT/commit/bc7eae2ed61481a5e322208829be291faec58c00", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/labring/FastGPT/releases/tag/v4.14.9.5", "name": "https://github.com/labring/FastGPT/releases/tag/v4.14.9.5", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint (/api/core/app/httpTools/runTool) is exposed without any authentication. This endpoint acts as a full HTTP proxy \u2014 it accepts a user-supplied baseUrl, toolPath, HTTP method, custom headers, and body, then makes a server-side HTTP request and returns the complete response to the caller. This issue has been patched in version 4.14.9.5."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306: Missing Authentication for Critical Function"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T13:43:20.981Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34162", "state": "PUBLISHED", "dateUpdated": "2026-03-31T14:33:31.305Z", "dateReserved": "2026-03-25T20:12:04.197Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-31T13:43:20.981Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fastgpt:fastgpt:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE20269A-5497-4727-B3DD-3EDC1E1F234E", "versionEndExcluding": "4.14.9.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint (/api/core/app/httpTools/runTool) is exposed without any authentication. This endpoint acts as a full HTTP proxy \u2014 it accepts a user-supplied baseUrl, toolPath, HTTP method, custom headers, and body, then makes a server-side HTTP request and returns the complete response to the caller. This issue has been patched in version 4.14.9.5."}], "id": "CVE-2026-34162", "lastModified": "2026-04-01T18:38:39.890", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.8, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-31T15:16:16.960", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/labring/FastGPT/commit/bc7eae2ed61481a5e322208829be291faec58c00"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/labring/FastGPT/pull/6640"}, {"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/labring/FastGPT/releases/tag/v4.14.9.5"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/labring/FastGPT/security/advisories/GHSA-w36r-f268-pwrj"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/labring/FastGPT/security/advisories/GHSA-w36r-f268-pwrj"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}, {"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,4.14.9.5)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "FastGPT", "source": "cna", "vendor": "labring"}, "product": "fastgpt", "vendor": "labring"}], "analysis": {"en": {"generated_at": "2026-04-02T05:51:18.602900+00:00", "value": {"mitigation_remediation": ["Upgrade FastGPT to version 4.14.9.5 or later where the HTTP tools endpoint is protected by authentication.", "If an upgrade is delayed, block or restrict access to the /api/core/app/httpTools/runTool endpoint using firewall rules or reverse\u2011proxy authentication.", "Ensure internal services are isolated behind a private network or tightly controlled gateway to prevent them from being reachable via the exposed proxy.", "Enable logging and monitoring for the httpTools endpoint to detect suspicious internal service requests and facilitate forensic analysis."], "summary": {"action": "Immediate Patch", "impact": "Internal API Key Theft"}, "threat_synthesis": {"affected_systems": "All FastGPT releases from labring prior to version 4.14.9.5 are affected. Versions 4.14.9.5 and later include authentication checks that protect the proxy endpoint.", "description_and_impact": "FastGPT by labring exposes a full HTTP proxy through the /api/core/app/httpTools/runTool endpoint without authentication. Clients can provide a base URL, path, HTTP method, headers, and body, and the server will perform the request and return the response. This design flaw allows anyone who can reach the FastGPT instance to perform server\u2011side request forgery (SSRF) and potentially access internal services and sensitive data such as API keys. The vulnerability is a combination of a missing authentication requirement (CWE\u2011306) and an SSRF weakness (CWE\u2011918).", "risk_and_exploitability": "The CVSS base score of 10 indicates a critical severity, and the EPSS score of less than 1% suggests a low current likelihood of exploitation. However, the attack can be carried out trivially once network access to the exposed endpoint is available, as no credentials are required. The likely attack vector is an unauthenticated HTTP request to the protected endpoint, which then forwards the request to internal services. The vulnerability is not listed in the CISA KEV catalog, meaning publicly documented exploits are not yet known. Nonetheless, the combination of critical score, unauthenticated access, and potential to harvest internal credentials makes this high\u2011priority for any environment exposing FastGPT externally."}}}}, "created": "2026-03-31T19:54:42.519693+00:00", "updated": "2026-04-02T07:53:18.319889+00:00", "vendors": ["labring", "labring$PRODUCT$fastgpt"]}