CVE-2026-44285: FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allo
Summary
FastGPT, an AI Agent building platform, had a Server-Side Request Forgery (SSRF) vulnerability (a flaw that lets attackers trick a server into making requests to internal systems it shouldn't access) in versions before 4.15.0-beta1. An authenticated attacker could bypass security protections and make unauthorized requests to internal network services by exploiting an incomplete fix in the dataset preview endpoint when using the externalFile data import type.
Solution / Mitigation
Update FastGPT to version 4.15.0-beta1 or later, where this vulnerability is fixed.
Vulnerability Details
CVSS score: 7.7 (high)
EPSS: 0.0%
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack vector: network
Attack complexity: low
Privileges required: low
User interaction: none
May 29, 2026
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-44285
First tracked: May 29, 2026 at 08:09 PM
Classified by LLM (prompt v3) · confidence: 92%