
FastGPT CVE-2026-44286

Severity: LOW (2.3, CVSS 4.0, GitHub Advisory)
Weakness: Server-Side Request Forgery (SSRF) (CWE-918)
Published: 2026-05-08 (GitHub_M)

Severity by source

GitHub Advisory (primary): 2.3 LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS Vector breakdown (GitHub Advisory)

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X (not defined)

Lifecycle Timeline

Source Code Evidence Fetched: May 09, 2026 00:45 (vuln.today)
Analysis Generated: May 09, 2026 00:45 (vuln.today)
CVSS changed: May 08, 2026 23:22 (NVD), 2.3 (LOW)
CVE Published: May 08, 2026 22:17 (nvd), UNKNOWN (no severity yet)
CVE Published: May 08, 2026 22:17 (nvd), LOW 2.3

Description (GitHub Advisory)

FastGPT is an AI Agent building platform. Prior to version 4.14.17, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability allows attackers (or authenticated users with App editing privileges) to send arbitrary HTTP requests to internal/private network addresses. The fetchData function in the lafModule workflow node uses axios to fetch user-controlled URLs without validating them against the application's internal network blocklist guard (isInternalAddress), bypassing SSRF protections. This issue has been patched in version 4.14.17.

Analysis (AI)

Server-side request forgery (SSRF) in FastGPT prior to version 4.14.17 allows authenticated users with App editing privileges to bypass the SSRF protections in the lafModule workflow node's fetchData function. User-controlled URLs are passed to axios without being filtered against the application's isInternalAddress blocklist, enabling arbitrary HTTP requests to internal and private network addresses.


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Recon: Authenticate to FastGPT platform
Delivery: Access App editor with privileges
Exploit: Create or modify lafModule workflow node
Install: Configure fetchData function with internal target URL
C2: Execute workflow
Execute: Bypass isInternalAddress blocklist
Impact: Retrieve internal service response

Vulnerability Assessment (AI)

Exploitation: The vulnerability requires the attacker to be an authenticated user with App editing privileges to craft or modify a workflow node. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The CVSS v4.0 score of 2.3 with vector AV:N/AC:L/AT:P/PR:L indicates network-accessible but low-impact exploitation with attack time penalty (AT:P) and low-privilege requirement (PR:L). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An authenticated user with App editing privileges creates or modifies a workflow that includes a lafModule node with a fetchData function. The attacker configures the node to fetch from a user-controlled URL parameter and sets it to an internal address such as http://169.254.169.254/latest/meta-data (AWS metadata endpoint) or http://localhost:6379 (common Redis port). …

Remediation: Upgrade FastGPT to version 4.14.17 or later immediately. … Detailed patch versions, workarounds, and compensating controls in full report.
