Severity by source
Primary rating from GitHub Advisory (only source for this CVE).
CVSS vector (GitHub Advisory): CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Description (GitHub Advisory)
FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global isInternalAddress network protection and make arbitrary HTTP GET requests to internal network services. This is achieved by exploiting an incomplete fix in the dataset preview endpoint /api/core/dataset/file/getPreviewChunks when utilizing the externalFile data import type. This vulnerability is fixed in 4.15.0-beta1.
Analysis (AI)
Server-Side Request Forgery in Labring FastGPT prior to 4.15.0-beta1 lets an authenticated attacker bypass the platform's isInternalAddress network protection and send HTTP GET probes to internal services via the dataset preview endpoint. The flaw stems from an incomplete prior fix in the externalFile data import path; the scope change (S:C) raises the risk to adjacent systems, and no public exploit had been identified at the time of analysis.
Attack Chain (AI-derived): hypothetical attack flow derived from CVE metadata.
Vulnerability Assessment (AI)
| Aspect | Assessment |
|---|---|
| Exploitation | Attacker must hold valid FastGPT credentials with permission to call the dataset import APIs (CVSS PR:L), and the target instance must be reachable over the network and accept the externalFile data import type at /api/core/dataset/file/getPreviewChunks. … |
| Risk Assessment | CVSS 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N) reflects a network-reachable, low-complexity attack requiring only low-privilege authentication, with scope change and high confidentiality impact but no integrity or availability effect, consistent with a read-only SSRF that exfiltrates data from adjacent internal systems rather than tampering with them. … |
| Exploit Scenario | An attacker who has signed up for or obtained a low-privileged account on a multi-tenant or internet-exposed FastGPT instance creates a dataset using the externalFile import type and supplies an internal URL (for example http://169.254.169.254/latest/meta-data/iam/security-credentials/ or http://localhost:6379/) as the file source. They then invoke /api/core/dataset/file/getPreviewChunks, which fetches the URL server-side past the bypassed isInternalAddress check and returns the response body as preview content, enabling reconnaissance and read-only exfiltration of internal HTTP-reachable services. … |
| Remediation | Vendor-released patch: upgrade to FastGPT 4.15.0-beta1 or later as documented in GHSA-c65v-7vx6-f8m3 (https://github.com/labring/FastGPT/security/advisories/GHSA-c65v-7vx6-f8m3). … |
Recommended Action (AI)
Within 24 hours: Identify all FastGPT deployments in your environment and audit dataset preview endpoint logs for suspicious internal IP access patterns; immediately restrict dataset preview access to users with documented business need. …
EUVD identifier: EUVD-2026-33430