CVE-2026-44285
Server-Side Request Forgery in FastGPT Prior to 4.15.0-beta1
Publication date: 2026-05-29
Last updated on: 2026-05-29
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
| EPSS | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| labring | fastgpt | < 4.15.0-beta1 (upper bound excluded; 4.15.0-beta1 is the fixed release) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-44285 is a Server-Side Request Forgery (SSRF) vulnerability in FastGPT, an AI Agent building platform. It affects versions prior to 4.15.0-beta1.
The vulnerability lets an authenticated, low-privileged user bypass the global network protection that is meant to stop server-side requests from reaching internal addresses. The bypass abuses an incomplete fix in the dataset preview endpoint `/api/core/dataset/file/getPreviewChunks` when the `externalFile` data import type is used.
Specifically, the function that reads a file by URL for this import type does not run the supplied URL through the internal-address checks before the server issues the HTTP request. The attacker can therefore make the server perform arbitrary HTTP GET requests to internal network services, including cloud instance metadata endpoints, and because the endpoint returns the fetched content as preview chunks, the response body is visible to the attacker as well.
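The following is an added example, not FastGPT's code and not the project's actual fix: a destination guard of the kind the URL-reading path above is missing. It parses the URL with the WHATWG parser (which already normalises obfuscated literals such as `0x7f000001`, `2130706433` and `127.1` to `127.0.0.1`), requires every address the host resolves to be outside loopback, RFC 1918, link-local (the range that contains `169.254.169.254`), CGNAT and multicast space and their IPv6 equivalents, including IPv4 embedded in IPv6, and returns the checked address so the caller can pin the connection to it. All function names here are this example's own; the sample addresses in the comments are constructed.

```javascript
// Blocked IPv4 ranges as [base, prefix length].
const BLOCKED_V4 = [
  ["0.0.0.0", 8],       // "this" network
  ["10.0.0.0", 8],      // RFC 1918
  ["100.64.0.0", 10],   // CGNAT, also used by some metadata services
  ["127.0.0.0", 8],     // loopback
  ["169.254.0.0", 16],  // link-local, includes 169.254.169.254
  ["172.16.0.0", 12],   // RFC 1918
  ["192.168.0.0", 16],  // RFC 1918
  ["224.0.0.0", 3],     // multicast, reserved, broadcast
];

function ipv4ToInt(ip) {
  return ip.split(".").reduce((acc, o) => ((acc << 8) + Number(o)) >>> 0, 0);
}

function isBlockedV4(ip) {
  const octets = ip.split(".").map(Number);
  if (octets.length !== 4 || octets.some((o) => !Number.isInteger(o) || o < 0 || o > 255)) {
    return true; // malformed literal: fail closed
  }
  const n = ipv4ToInt(ip);
  return BLOCKED_V4.some(([base, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((n & mask) >>> 0) === ((ipv4ToInt(base) & mask) >>> 0);
  });
}

// Expand an IPv6 literal to eight 16-bit groups; null if malformed.
function ipv6Groups(ip) {
  const m = ip.match(/^(.*:)(\d+\.\d+\.\d+\.\d+)$/); // dotted IPv4 tail, e.g. ::ffff:127.0.0.1
  if (m) {
    const v4 = ipv4ToInt(m[2]);
    ip = `${m[1]}${(v4 >>> 16).toString(16)}:${(v4 & 0xffff).toString(16)}`;
  }
  const halves = ip.split("::");
  if (halves.length > 2) return null;
  const head = halves[0] ? halves[0].split(":") : [];
  const tail = halves.length === 2 && halves[1] ? halves[1].split(":") : [];
  const missing = 8 - head.length - tail.length;
  if (missing < 0 || (halves.length === 1 && missing !== 0)) return null;
  const groups = [...head, ...Array(missing).fill("0"), ...tail]
    .map((g) => (/^[0-9a-f]{1,4}$/i.test(g) ? parseInt(g, 16) : NaN));
  return groups.some(Number.isNaN) ? null : groups;
}

function isBlockedV6(ip) {
  const g = ipv6Groups(ip);
  if (!g) return true; // unparsable: fail closed
  const [a, b, c, d, e, f, p, q] = g;
  if (g.every((x) => x === 0)) return true;                         // :: unspecified
  if (g.slice(0, 7).every((x) => x === 0) && q === 1) return true;  // ::1 loopback
  if ((a & 0xfe00) === 0xfc00) return true;                         // fc00::/7 unique local
  if ((a & 0xffc0) === 0xfe80) return true;                         // fe80::/10 link-local
  if ((a & 0xff00) === 0xff00) return true;                         // ff00::/8 multicast
  const leadingZero = a === 0 && b === 0 && c === 0 && d === 0 && e === 0;
  const mapped = leadingZero && f === 0xffff;                        // ::ffff:a.b.c.d
  const nat64 = a === 0x64 && b === 0xff9b && c === 0 && d === 0 && e === 0 && f === 0; // 64:ff9b::/96
  if (mapped || nat64) {
    return isBlockedV4(`${p >> 8}.${p & 0xff}.${q >> 8}.${q & 0xff}`); // judge the embedded IPv4
  }
  return false;
}

function isBlockedAddress(ip) {
  const bare = ip.replace(/^\[|\]$/g, ""); // URL.hostname keeps IPv6 brackets
  return /^\d+\.\d+\.\d+\.\d+$/.test(bare) ? isBlockedV4(bare) : isBlockedV6(bare);
}

// Synchronous policy check. `resolved` holds every address the hostname
// resolved to; all must be allowed, because an attacker-controlled name can
// mix a public record with a private one. Returns the address to pin the
// connection to (connect to it directly, keep Host: hostname) or throws.
function checkTarget(rawUrl, resolved) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    throw new Error("invalid URL");
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    throw new Error(`scheme not allowed: ${url.protocol}`);
  }
  if (url.username || url.password) throw new Error("credentials in URL not allowed");
  if (resolved.length === 0) throw new Error("hostname did not resolve");
  for (const ip of resolved) {
    if (isBlockedAddress(ip)) throw new Error(`blocked destination ${ip} for ${url.hostname}`);
  }
  return { url, address: resolved[0] };
}

// Async front end: literal hosts are checked as-is, names go through
// dns.promises.lookup (or an injected resolver for tests). Run it again on
// every redirect hop (fetch with redirect: "manual") so that a 302 to
// 169.254.169.254 cannot slip past the first check.
async function resolveAndCheck(rawUrl, lookup) {
  const hostname = new URL(rawUrl).hostname.replace(/^\[|\]$/g, "");
  let addresses;
  if (/^\d+\.\d+\.\d+\.\d+$/.test(hostname) || hostname.includes(":")) {
    addresses = [hostname];
  } else {
    const resolve = lookup ?? (await import("node:dns/promises")).lookup;
    addresses = (await resolve(hostname, { all: true })).map((r) => r.address);
  }
  return checkTarget(rawUrl, addresses);
}
```

Two design points matter more than the range list. First, the check must run on resolved addresses, not on the hostname string, and the request must then be sent to the address that was checked (DNS rebinding otherwise returns a public record to the check and a private one to the connection). Second, redirects must be followed manually with the check repeated per hop, since the internal target can be hidden behind a public URL that 302s to it. The same `isBlockedAddress` helper is also convenient for triaging URLs pulled out of request logs when hunting for exploitation of this endpoint.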
How can this vulnerability impact me?
The impact is serious because the FastGPT server becomes a proxy into network locations the attacker cannot reach directly: the host's loopback interface, other containers and services on the internal network, and the cloud provider's instance metadata service.
From instance metadata (for example `http://169.254.169.254/latest/meta-data/` on AWS) an attacker can read the temporary IAM role credentials attached to the instance and use them directly against the cloud API, turning an application bug into a cloud-account compromise. Any internal HTTP service that trusts its network position (admin dashboards, HTTP interfaces of datastores, unauthenticated internal APIs) is exposed in the same way, and since the endpoint returns what it fetched, the attacker reads the responses rather than having to infer them.
The CVSS score is 7.7 (High): the attack is reachable over the network, needs only a low-privileged FastGPT account and no user interaction, and the confidential data it exposes typically belongs to systems beyond FastGPT itself.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection has two parts: finding who called the vulnerable endpoint with an `externalFile` import, and finding outbound connections from the FastGPT host to addresses it should never contact.
In the application logs, look for requests to `/api/core/dataset/file/getPreviewChunks` with the `externalFile` import type whose URL points at loopback, RFC 1918 space (for example `172.20.0.1`), link-local space, or the cloud metadata address `169.254.169.254`. If the parameters travel in a request body rather than the query string, a plain access log shows only the path, so application-level request logging is needed to see the target URL.
Example commands (paths, interface names and addresses are placeholders to adapt to your deployment):
- Find calls to the endpoint with the affected import type in the FastGPT logs: `grep "/api/core/dataset/file/getPreviewChunks" /path/to/fastgpt/logs/* | grep externalFile`
- On the FastGPT host (or a tap that sees its egress), capture connections from the server to internal ranges and the metadata address; no port filter is applied so that internal services on ports other than 80 are also seen: `tcpdump -i any -nn 'src host <fastgpt-server-ip> and (dst net 172.20.0.0/16 or dst net 10.0.0.0/8 or dst host 169.254.169.254)'`
- To confirm whether an instance is affected, capture the request the FastGPT UI sends when it previews an `externalFile` import (browser developer tools), replay it with curl using the same session cookie or token, and substitute a URL pointing at an HTTP listener you control on an internal address; a vulnerable version connects to the listener, a fixed version rejects the request. This page does not document the request's method or parameter names, so take them from the captured request rather than guessing: `curl -H "Cookie: <session>" -H "Content-Type: application/json" -d '<captured body with the url replaced>' "http://<fastgpt-server>/api/core/dataset/file/getPreviewChunks"`. Test only systems you are authorised to test, and prefer your own listener over the real metadata endpoint so that no credentials are exposed in the process.
What immediate steps should I take to mitigate this vulnerability?
The fix is to upgrade FastGPT to 4.15.0-beta1 or later, where the `externalFile` read path is subjected to the same internal-address checks as the rest of the application.
Until the upgrade can be performed, block the vulnerable path at the reverse proxy in front of FastGPT (deny `/api/core/dataset/file/getPreviewChunks`, or at least requests for the `externalFile` import type if your proxy can inspect them) or disable the `externalFile` import type for your users; either removes the attacker's entry point at the cost of that feature.
Independently of the application fix, restrict what the FastGPT process can reach: egress rules (host firewall, container network policy, or security group) that deny connections from the FastGPT container or host to loopback and link-local addresses, to RFC 1918 ranges it has no business talking to, and specifically to `169.254.169.254`. On AWS, also require IMDSv2 with the default hop limit of 1, which stops requests forwarded through a container's bridge network from reaching the metadata service; GCP and Azure metadata services require a custom request header (`Metadata-Flavor: Google`, `Metadata: true`), which a plain fetch-by-URL primitive such as this one cannot add. These controls limit the blast radius of any SSRF in the stack, not only this CVE.