Compliance Impact

The vulnerability allows unauthenticated attackers to perform Server-Side Request Forgery (SSRF) against internal network resources, potentially exposing internal systems and data.

Such unauthorized access to internal resources could lead to unauthorized disclosure of sensitive information, which may impact compliance with data protection regulations like GDPR and HIPAA that require safeguarding personal and sensitive data.

However, the provided information does not explicitly describe the direct impact on compliance with these standards or any regulatory consequences.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include upgrading FastGPT to version 4.14.10.3 or later, where the vulnerability is fixed.

Alternatively, set the environment variable CHECK_INTERNAL_IP to 'true' to enable internal IP address validation and block SSRF attempts to private IPs.

Additionally, restrict access to the /api/core/app/mcpTools/runTool endpoint by implementing authentication and authorization controls to prevent unauthenticated access.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-40100 is a Server-Side Request Forgery (SSRF) vulnerability in the FastGPT platform, specifically in versions prior to 4.14.10.3. The vulnerability exists in the /api/core/app/mcpTools/runTool endpoint, which accepts arbitrary URLs without requiring any authentication.

The internal IP address validation is controlled by an environment variable CHECK_INTERNAL_IP. By default, this variable is not set to 'true', causing the internal IP check to be bypassed. This allows unauthenticated attackers to send requests to internal network resources through the vulnerable endpoint.

In addition, the endpoint lacks authentication middleware, and the vulnerability allows attackers to perform SSRF attacks by providing a user-controlled URL parameter.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows unauthenticated attackers to perform SSRF attacks against internal network resources. This means attackers can potentially access internal IP addresses and services that are not normally exposed to the internet.

Such access could lead to information disclosure about internal systems, network topology, or other sensitive internal resources. It may also be used as a stepping stone for further attacks within the internal network.

The CVSS score of 5.3 indicates a moderate severity, with low impact on confidentiality but no impact on integrity or availability.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by testing the /api/core/app/mcpTools/runTool endpoint for SSRF behavior without authentication.

A practical detection method is to send a POST request to the endpoint with a JSON body containing a URL pointing to an internal IP address, such as 192.168.1.1, and observe if the server makes the request.

• Example curl command to test SSRF: curl -X POST https://<target>/api/core/app/mcpTools/runTool -H 'Content-Type: application/json' -d '{"url":"http://192.168.1.1/","toolName":"test","params":{}}'

If the server responds or behaves as if it accessed the internal URL, the vulnerability is present.

Useful 0 Not Useful 0