CVE-2026-34162
CRITICAL WAF: Medium
CVSS 10.0
Published: 2026-03-31
CWE-918
FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint (/api/core/app/httpTools/runTool) is exposed without any authentication. This endpoint acts as a full HTTP proxy — it accepts a user-supplied baseUrl, toolPath, HTTP method, custom headers, and body, then makes a server-side HTTP request and returns the complete response to the caller. This issue has been patched in version 4.14.9.5.
WAF Coverage Analysis
Server-Side Request Forgery (SSRF)
Medium WAF Coverage
OWASP: A10:2021 SSRF
934xxx - Node.js / Generic Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| fastgpt | fastgpt | up to 4.14.9.5 |
References
- github.com (Patch)
- github.com (Issue Tracking, Patch)
- github.com (Product, Release Notes)
- github.com (Exploit, Mitigation, Vendor Advisory)