{"data":{"id":"10056845-02ec-4aa7-9ce9-d833003c1057","title":"CVE-2026-44284: FastGPT is an AI Agent building platform. Prior to version 4.14.17, FastGPT had an inconsistent SSRF protection gap in M","summary":"FastGPT, a platform for building AI agents, had a security flaw in how it protected against SSRF attacks (server-side request forgery, where an attacker tricks a server into connecting to unauthorized internal systems). While some endpoints blocked internal network URLs, the tool creation endpoints did not, allowing an authenticated user to save a malicious internal URL that could later be used without additional checks when running workflows.","solution":"This issue has been patched in version 4.14.17.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-44284","publishedAt":"2026-05-08T23:16:39.507Z","cveId":"CVE-2026-44284","cweIds":["CWE-918"],"cvssScore":"6.3","cvssSeverity":"medium","severity":"medium","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["FastGPT"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0.00049,"patchAvailable":null,"disclosureDate":"2026-05-08T23:16:39.507Z","capecIds":["CAPEC-664"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}