CVE-2026-42344
DNS Rebinding Vulnerability in FastGPT AI Agent Platform
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fastgpt | fastgpt | to 4.14.11 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-367 | The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in FastGPT versions 4.14.11 and earlier, specifically in the isInternalAddress() function. The function attempts to verify if a hostname resolves to a private IP address by resolving the hostname's IP addresses and checking them against private IP ranges. However, the actual HTTP request is made after a separate DNS resolution, allowing the DNS record to change between the initial check and the request (a Time-of-Check to Time-of-Use or TOCTOU issue). This enables DNS rebinding attacks, where an attacker can manipulate DNS responses to bypass security checks.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to bypass internal address checks by exploiting the DNS rebinding flaw. This could lead to unauthorized access to internal or private network resources that should be protected, potentially exposing sensitive data or services. Since the CVSS score indicates a moderate severity with high confidentiality impact, the main risk is unauthorized disclosure of sensitive information.