{"data":{"id":"73279b5f-f90a-4f9f-8f7f-812309ea7979","title":"CVE-2026-42345: FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packa","summary":"FastGPT, an AI platform for building AI agents, has a vulnerability in versions 4.14.11 and earlier where its isInternalAddress() function fails to block access to cloud metadata endpoints (services that store sensitive system information). Attackers can bypass the blocklist using URL encoding techniques (methods to disguise URLs), and because a security check is disabled by default, the metadata endpoint remains accessible without additional protection.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-42345","publishedAt":"2026-05-08T23:16:37.320Z","cveId":"CVE-2026-42345","cweIds":["CWE-918"],"cvssScore":"7.7","cvssSeverity":"high","severity":"high","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["FastGPT"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0.00028,"patchAvailable":null,"disclosureDate":"2026-05-08T23:16:37.320Z","capecIds":["CAPEC-664"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}