CVE-2026-34163: FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, FastGPT's MCP (Model Context Protocol) tools endpoi
Summary
FastGPT, a platform for building AI agents, has a vulnerability in versions before 4.14.9.5: two endpoints (/api/core/app/mcpTools/getTools and /api/core/app/mcpTools/runTool) accept a URL from the user and make a server-side request to it without checking whether that URL points at an internal system. This is SSRF (server-side request forgery), where an attacker tricks the server into making requests to private networks on their behalf. FastGPT already has a protective function, isInternalAddress(), that is used elsewhere in the code base, but these two endpoints do not call it, so an authenticated attacker can scan internal networks, reach cloud metadata services, and interact with internal databases such as MongoDB and Redis.
Solution / Mitigation
This issue has been patched in version 4.14.9.5.
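The missing check described above, as an added illustration (not FastGPT's own TypeScript isInternalAddress(), and not its patch): a URL validator that resolves the hostname and rejects any answer that is not publicly routable, including the link-local cloud metadata address and IPv4-mapped IPv6 literals. The endpoint paths are from the advisory; the function names, the resolver hook and the sample hostnames are assumptions.

```python
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}


def is_internal_address(ip_text):
    """True for any address that is not publicly routable: loopback, RFC 1918,
    link-local (which covers the 169.254.169.254 cloud metadata endpoint),
    unspecified, multicast and reserved ranges. An IPv4-mapped IPv6 address
    (::ffff:10.0.0.5) is unwrapped first so it cannot hide an internal IPv4."""
    addr = ipaddress.ip_address(ip_text)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return not addr.is_global


def resolve_all(hostname):
    """Every A/AAAA answer for the name (real DNS; tests inject a fake)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(hostname, None)})


def check_tool_url(url, resolver=resolve_all):
    """Decide whether a user-supplied MCP server URL (as sent to getTools or
    runTool) may be fetched. Returns (allowed, reason). Every resolved address
    must be public: a name with one public and one private answer is rejected."""
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname  # lower-cased, brackets stripped from IPv6 literals
    if not host:
        return False, "missing host"
    try:
        addrs = [str(ipaddress.ip_address(host))]  # IP literal, no DNS needed
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError:
            addrs = []
    if not addrs:
        return False, f"{host} did not resolve"
    for ip in addrs:
        if is_internal_address(ip):
            return False, f"{host} resolves to internal address {ip}"
    return True, f"{host} -> {', '.join(addrs)}"
```

The addresses returned here must also be the ones the HTTP client actually connects to, and any redirect target must be re-checked; otherwise DNS rebinding or an open redirect on a public host bypasses the validation.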
Vulnerability Details
CVSS base score: 7.7 (High)
EPSS: 0.0%
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack vector: network
Attack complexity: low
Privileges required: low
User interaction: none
March 31, 2026
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-34163
First tracked: March 31, 2026 at 02:07 PM
Classified by LLM (prompt v3) · confidence: 92%