{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34162", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-25T20:12:04.197Z", "datePublished": "2026-03-31T13:43:20.981Z", "dateUpdated": "2026-03-31T14:33:31.305Z"}, "containers": {"cna": {"title": "FastGPT: Unauthenticated SSRF via httpTools Endpoint Leads to Internal API Key Theft", "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "lang": "en", "description": "CWE-306: Missing Authentication for Critical Function", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/labring/FastGPT/security/advisories/GHSA-w36r-f268-pwrj", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/labring/FastGPT/security/advisories/GHSA-w36r-f268-pwrj"}, {"name": "https://github.com/labring/FastGPT/pull/6640", "tags": ["x_refsource_MISC"], "url": "https://github.com/labring/FastGPT/pull/6640"}, {"name": "https://github.com/labring/FastGPT/commit/bc7eae2ed61481a5e322208829be291faec58c00", "tags": ["x_refsource_MISC"], "url": "https://github.com/labring/FastGPT/commit/bc7eae2ed61481a5e322208829be291faec58c00"}, {"name": "https://github.com/labring/FastGPT/releases/tag/v4.14.9.5", "tags": ["x_refsource_MISC"], "url": "https://github.com/labring/FastGPT/releases/tag/v4.14.9.5"}], "affected": [{"vendor": "labring", "product": "FastGPT", "versions": [{"version": "< 4.14.9.5", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T13:43:20.981Z"}, "descriptions": [{"lang": "en", "value": "FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint (/api/core/app/httpTools/runTool) is exposed without any authentication. This endpoint acts as a full HTTP proxy \u2014 it accepts a user-supplied baseUrl, toolPath, HTTP method, custom headers, and body, then makes a server-side HTTP request and returns the complete response to the caller. This issue has been patched in version 4.14.9.5."}], "source": {"advisory": "GHSA-w36r-f268-pwrj", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/labring/FastGPT/security/advisories/GHSA-w36r-f268-pwrj", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T14:33:27.055617Z", "id": "CVE-2026-34162", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T14:33:31.305Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34162", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-31T14:33:27.055617Z"}}}], "references": [{"url": "https://github.com/labring/FastGPT/security/advisories/GHSA-w36r-f268-pwrj", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T14:33:20.827Z"}}], "cna": {"title": "FastGPT: Unauthenticated SSRF via httpTools Endpoint Leads to Internal API Key Theft", "source": {"advisory": "GHSA-w36r-f268-pwrj", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "labring", "product": "FastGPT", "versions": [{"status": "affected", "version": "< 4.14.9.5"}]}], "references": [{"url": "https://github.com/labring/FastGPT/security/advisories/GHSA-w36r-f268-pwrj", "name": "https://github.com/labring/FastGPT/security/advisories/GHSA-w36r-f268-pwrj", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/labring/FastGPT/pull/6640", "name": "https://github.com/labring/FastGPT/pull/6640", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/labring/FastGPT/commit/bc7eae2ed61481a5e322208829be291faec58c00", "name": "https://github.com/labring/FastGPT/commit/bc7eae2ed61481a5e322208829be291faec58c00", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/labring/FastGPT/releases/tag/v4.14.9.5", "name": "https://github.com/labring/FastGPT/releases/tag/v4.14.9.5", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint (/api/core/app/httpTools/runTool) is exposed without any authentication. This endpoint acts as a full HTTP proxy \u2014 it accepts a user-supplied baseUrl, toolPath, HTTP method, custom headers, and body, then makes a server-side HTTP request and returns the complete response to the caller. This issue has been patched in version 4.14.9.5."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306: Missing Authentication for Critical Function"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T13:43:20.981Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34162", "state": "PUBLISHED", "dateUpdated": "2026-03-31T14:33:31.305Z", "dateReserved": "2026-03-25T20:12:04.197Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-31T13:43:20.981Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fastgpt:fastgpt:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE20269A-5497-4727-B3DD-3EDC1E1F234E", "versionEndExcluding": "4.14.9.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint (/api/core/app/httpTools/runTool) is exposed without any authentication. This endpoint acts as a full HTTP proxy \u2014 it accepts a user-supplied baseUrl, toolPath, HTTP method, custom headers, and body, then makes a server-side HTTP request and returns the complete response to the caller. This issue has been patched in version 4.14.9.5."}], "id": "CVE-2026-34162", "lastModified": "2026-04-01T18:38:39.890", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.8, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-31T15:16:16.960", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/labring/FastGPT/commit/bc7eae2ed61481a5e322208829be291faec58c00"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/labring/FastGPT/pull/6640"}, {"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/labring/FastGPT/releases/tag/v4.14.9.5"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/labring/FastGPT/security/advisories/GHSA-w36r-f268-pwrj"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/labring/FastGPT/security/advisories/GHSA-w36r-f268-pwrj"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}, {"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,4.14.9.5)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "FastGPT", "source": "cna", "vendor": "labring"}, "product": "fastgpt", "vendor": "labring"}], "analysis": {"en": {"generated_at": "2026-03-31T15:27:55.258796+00:00", "value": {"mitigation_remediation": ["Upgrade to FastGPT 4.14.9.5 or later.", "If upgrading immediately is not possible, block or secure the /api/core/app/httpTools/runTool endpoint with authentication or firewall rules.", "Monitor access logs for suspicious activity on that endpoint.", "Restrict outbound traffic from the FastGPT instance to limit potential SSRF exploitation."], "summary": {"action": "Immediate Patch", "impact": "Server\u2011Side Request Forgery leading to credential theft"}, "threat_synthesis": {"affected_systems": "The affected system is FastGPT by labring. Versions prior to 4.14.9.5 are vulnerable; the issue is fixed in release v4.14.9.5.", "description_and_impact": "The vulnerability is caused by an unauthenticated HTTP endpoint that operates as a full proxy. By sending crafted requests, an attacker can have the server retrieve any internal URL and return the response, allowing theft of sensitive data such as internal API keys. This represents a severe loss of confidentiality and, if the key is used in other systems, could also affect integrity.", "risk_and_exploitability": "The flaw scores a CVSS of 10, classifying it as critical. EPSS data is unavailable and it is not listed in the CISA KEV catalog. Exploitation is straightforward: the attacker only needs to send a request to the unprotected endpoint; no authentication or privileged access is required. The SSRF capability allows direct access to internal services and enables the attacker to steal credentials or other secrets."}}}}, "created": "2026-03-31T19:54:42.519693+00:00", "updated": "2026-03-31T20:38:36.564320+00:00", "vendors": ["labring", "labring$PRODUCT$fastgpt"]}