{"data":{"id":"b6ce2328-5bae-4e53-84f0-5d97723c1d23","title":"CVE-2026-44286: FastGPT is an AI Agent building platform. Prior to version 4.14.17, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in the fetchData function.","summary":"FastGPT, a platform for building AI agents, has a vulnerability in versions before 4.14.17 that allows attackers to send requests to internal or private network addresses without needing to log in. The problem is in the fetchData function, which retrieves data from user-provided URLs but doesn't properly check them against a blocklist (isInternalAddress) that's meant to prevent SSRF attacks (where a server is tricked into making requests to systems it shouldn't access).","solution":"Update FastGPT to version 4.14.17 or later, where this issue has been patched.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-44286","publishedAt":"2026-05-08T23:16:39.647Z","cveId":"CVE-2026-44286","cweIds":["CWE-918"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["FastGPT"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00038,"patchAvailable":null,"disclosureDate":"2026-05-08T23:16:39.647Z","capecIds":["CAPEC-664"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}