{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40100", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-09T01:41:38.536Z", "datePublished": "2026-04-10T16:39:25.856Z", "dateUpdated": "2026-04-15T14:47:23.092Z"}, "containers": {"cna": {"title": "FastGPT has Unauthenticated SSRF in /api/core/app/mcpTools/runTool via missing CHECK_INTERNAL_IP default", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/labring/FastGPT/security/advisories/GHSA-jrhc-f3j7-f8g4", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/labring/FastGPT/security/advisories/GHSA-jrhc-f3j7-f8g4"}], "affected": [{"vendor": "labring", "product": "FastGPT", "versions": [{"version": "< 4.14.10.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-10T16:39:25.856Z"}, "descriptions": [{"lang": "en", "value": "FastGPT is an AI Agent building platform. Prior to 4.14.10.3, the /api/core/app/mcpTools/runTool endpoint accepts arbitrary URLs without authentication. The internal IP check in isInternalAddress() only blocks private IPs when CHECK_INTERNAL_IP=true, which is not the default. This allows unauthenticated attackers to perform SSRF against internal network resources. This vulnerability is fixed in 4.14.10.3."}], "source": {"advisory": "GHSA-jrhc-f3j7-f8g4", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-15T14:45:56.717074Z", "id": "CVE-2026-40100", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T14:47:23.092Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40100", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-15T14:45:56.717074Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T14:47:17.441Z"}}], "cna": {"title": "FastGPT has Unauthenticated SSRF in /api/core/app/mcpTools/runTool via missing CHECK_INTERNAL_IP default", "source": {"advisory": "GHSA-jrhc-f3j7-f8g4", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "labring", "product": "FastGPT", "versions": [{"status": "affected", "version": "< 4.14.10.3"}]}], "references": [{"url": "https://github.com/labring/FastGPT/security/advisories/GHSA-jrhc-f3j7-f8g4", "name": "https://github.com/labring/FastGPT/security/advisories/GHSA-jrhc-f3j7-f8g4", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "FastGPT is an AI Agent building platform. Prior to 4.14.10.3, the /api/core/app/mcpTools/runTool endpoint accepts arbitrary URLs without authentication. The internal IP check in isInternalAddress() only blocks private IPs when CHECK_INTERNAL_IP=true, which is not the default. This allows unauthenticated attackers to perform SSRF against internal network resources. This vulnerability is fixed in 4.14.10.3."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-10T16:39:25.856Z"}}}, "cveMetadata": {"cveId": "CVE-2026-40100", "state": "PUBLISHED", "dateUpdated": "2026-04-15T14:47:23.092Z", "dateReserved": "2026-04-09T01:41:38.536Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-10T16:39:25.856Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fastgpt:fastgpt:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E93E71B-0D3A-4C6D-9679-EC1FA760E111", "versionEndExcluding": "4.14.10.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "FastGPT is an AI Agent building platform. Prior to 4.14.10.3, the /api/core/app/mcpTools/runTool endpoint accepts arbitrary URLs without authentication. The internal IP check in isInternalAddress() only blocks private IPs when CHECK_INTERNAL_IP=true, which is not the default. This allows unauthenticated attackers to perform SSRF against internal network resources. This vulnerability is fixed in 4.14.10.3."}], "id": "CVE-2026-40100", "lastModified": "2026-04-15T19:02:57.257", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-10T17:17:12.997", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/labring/FastGPT/security/advisories/GHSA-jrhc-f3j7-f8g4"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,4.14.10.3)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "FastGPT", "source": "cna", "vendor": "labring"}, "product": "fastgpt", "vendor": "labring"}], "analysis": {"en": {"generated_at": "2026-04-10T18:23:23.494657+00:00", "value": {"mitigation_remediation": ["Apply the latest patch 4.14.10.3 or newer to FastGPT to fix the SSRF issue.", "If upgrading immediately is not possible, limit access to the /api/core/app/mcpTools/runTool endpoint by firewalling or restricting network interfaces so that only trusted hosts can reach it.", "Enable the internal IP check flag (CHECK_INTERNAL_IP=true) in configuration to block requests to private IP ranges until a patch can be applied."], "summary": {"action": "Immediate Patch", "impact": "Unauthenticated Server Side Request Forgery (SSRF) can access internal network resources"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the FastGPT product by labring. Versions prior to 4.14.10.3 are impacted; the issue was addressed in release 4.14.10.3.\n", "description_and_impact": "FastGPT, an AI agent platform, contains an endpoint that accepts arbitrary URLs without requiring authentication. The internal address check is only active when a configuration flag is true, which is not the default. As a result, an unauthenticated attacker can instruct the server to resolve and communicate with any URL, including internal IP addresses. This SSRF flaw can let an attacker exfiltrate information, access restricted services, or perform internal network reconnaissance.\n", "risk_and_exploitability": "The CVSS base score is 5.3, indicating a medium severity risk. No EPSS data is public and the vulnerability is not listed in the CISA KEV catalog, suggesting exploitation is not broadly observed yet. Nonetheless, because authentication is bypassed, any external user can trigger the SSRF endpoint. Attackers need only to send a crafted request to the /api/core/app/mcpTools/runTool URL, and if the flag controlling internal IP checks is left in its default state, the server will resolve the supplied URL without restriction."}}}}, "created": "2026-04-13T12:43:52.391464+00:00", "updated": "2026-04-13T13:00:19.895488+00:00", "vendors": ["labring", "labring$PRODUCT$fastgpt"]}