CVE-2026-40100
SSRF Vulnerability in FastGPT API Allows Unauthenticated Access

Publication date: 2026-04-10

Last updated on: 2026-04-15

Assigner: GitHub, Inc.

Description
FastGPT is an AI Agent building platform. Prior to 4.14.10.3, the /api/core/app/mcpTools/runTool endpoint accepts arbitrary URLs without authentication. The internal IP check in isInternalAddress() only blocks private IPs when CHECK_INTERNAL_IP=true, which is not the default. This allows unauthenticated attackers to perform SSRF against internal network resources. This vulnerability is fixed in 4.14.10.3.
Meta Information
Published: 2026-04-10
Last Modified: 2026-04-15
Generated: 2026-05-07
AI Q&A: 2026-04-10
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor | Product | Version / Range
fastgpt | fastgpt | to 4.14.10.3 (exc)
CWE ID | Description
CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows unauthenticated attackers to perform Server-Side Request Forgery (SSRF) against internal network resources, potentially exposing internal systems and data.

Such unauthorized access to internal resources could lead to unauthorized disclosure of sensitive information, which may impact compliance with data protection regulations like GDPR and HIPAA that require safeguarding personal and sensitive data.

However, the provided information does not explicitly describe the direct impact on compliance with these standards or any regulatory consequences.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include upgrading FastGPT to version 4.14.10.3 or later, where the vulnerability is fixed.

Alternatively, set the environment variable CHECK_INTERNAL_IP to 'true' to enable internal IP address validation and block SSRF attempts to private IPs.

Additionally, restrict access to the /api/core/app/mcpTools/runTool endpoint by implementing authentication and authorization controls to prevent unauthenticated access.


Can you explain this vulnerability to me?

CVE-2026-40100 is a Server-Side Request Forgery (SSRF) vulnerability in the FastGPT platform, specifically in versions prior to 4.14.10.3. The vulnerability exists in the /api/core/app/mcpTools/runTool endpoint, which accepts arbitrary URLs without requiring any authentication.

The internal IP address validation is controlled by an environment variable CHECK_INTERNAL_IP. By default, this variable is not set to 'true', causing the internal IP check to be bypassed. This allows unauthenticated attackers to send requests to internal network resources through the vulnerable endpoint.

The endpoint also lacks authentication middleware, so an attacker only needs to supply a user-controlled URL parameter to perform SSRF.
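
The opt-in gate described above, shown next to a check that runs unconditionally. This is an added example, not FastGPT's code: the function names and the list of internal ranges are assumptions, and only the CHECK_INTERNAL_IP variable name comes from the advisory.

```javascript
// Added illustration, not FastGPT source. Only CHECK_INTERNAL_IP is a name from the advisory.
// IPv4 ranges treated as internal here: unspecified, RFC 1918, loopback, link-local.
const INTERNAL_V4 = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
];

function v4ToInt(ip) {
  return ip.split('.').reduce((acc, octet) => ((acc << 8) | Number(octet)) >>> 0, 0);
}

function inCidr(ip, [base, bits]) {
  const mask = (0xffffffff << (32 - bits)) >>> 0;
  return ((v4ToInt(ip) & mask) >>> 0) === ((v4ToInt(base) & mask) >>> 0);
}

// True when the URL's host is "localhost" or a literal internal address.
// A hostname that resolves to an internal IP needs a post-DNS check, not shown here.
function pointsAtInternalLiteral(rawUrl) {
  let host;
  try {
    host = new URL(rawUrl).hostname.toLowerCase();
  } catch {
    return true; // unparsable input is refused
  }
  if (host === 'localhost' || host.endsWith('.localhost')) return true;
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) {
    return INTERNAL_V4.some((range) => inCidr(host, range));
  }
  if (host.startsWith('[')) { // IPv6 literal, serialized in brackets by URL
    const v6 = host.slice(1, -1);
    return v6 === '::1' || v6 === '::' || v6.startsWith('::ffff:') || // loopback, unspecified, v4-mapped
      /^f[cd][0-9a-f]{2}:/.test(v6) || /^fe[89ab][0-9a-f]:/.test(v6); // unique-local, link-local
  }
  return false;
}

// Opt-in shape described in the advisory: with the variable unset, nothing is blocked.
function blockedWhenOptIn(rawUrl, env) {
  if (env.CHECK_INTERNAL_IP !== 'true') return false;
  return pointsAtInternalLiteral(rawUrl);
}

// Default-deny shape: the check runs regardless of environment.
function blockedByDefault(rawUrl) {
  return pointsAtInternalLiteral(rawUrl);
}
```

With an empty environment the opt-in variant lets every internal literal through, which is why a deployment that cannot upgrade has to set the variable explicitly.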


How can this vulnerability impact me?

This vulnerability allows unauthenticated attackers to perform SSRF attacks against internal network resources. This means attackers can potentially access internal IP addresses and services that are not normally exposed to the internet.

Such access could lead to information disclosure about internal systems, network topology, or other sensitive internal resources. It may also be used as a stepping stone for further attacks within the internal network.

The CVSS score of 5.3 indicates moderate severity, with low impact on confidentiality and no impact on integrity or availability.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by testing the /api/core/app/mcpTools/runTool endpoint for SSRF behavior without authentication.

A practical detection method is to send a POST request to the endpoint with a JSON body containing a URL pointing to an internal IP address, such as 192.168.1.1, and observe if the server makes the request.

  • Example curl command to test SSRF:
      curl -X POST https://<target>/api/core/app/mcpTools/runTool -H 'Content-Type: application/json' -d '{"url":"http://192.168.1.1/","toolName":"test","params":{}}'

If the server responds or behaves as if it accessed the internal URL, the vulnerability is present.

