{"data":{"id":"d68fad3f-b6a7-4fc1-8fc5-a393a72d53a0","title":"CVE-2026-44285: FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allo","summary":"FastGPT, an AI Agent building platform, had a Server-Side Request Forgery (SSRF) vulnerability (a flaw that lets attackers trick a server into making requests to internal systems it shouldn't access) in versions before 4.15.0-beta1. An authenticated attacker could bypass security protections and make unauthorized requests to internal network services by exploiting an incomplete fix in the dataset preview endpoint when using the externalFile data import type.","solution":"Update FastGPT to version 4.15.0-beta1 or later, where this vulnerability is fixed.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-44285","publishedAt":"2026-05-29T20:16:24.103Z","cveId":"CVE-2026-44285","cweIds":["CWE-918"],"cvssScore":"7.7","cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["FastGPT"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-29T20:16:24.103Z","capecIds":["CAPEC-664"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":["AML.T0010"]}}