SSRF Vulnerability in FastGPT AI Agent Building Platform
CVE-2026-44284
6.3 MEDIUM
What is CVE-2026-44284?
FastGPT, an AI agent building platform, had a server-side request forgery (SSRF) vulnerability in versions prior to 4.14.17. FastGPT's MCP tool already rejected URLs pointing at internal or private networks on the direct preview/run endpoints, but the create/update endpoints accepted and saved such URLs without applying the same check. An authenticated user with permission to manage MCP toolsets could therefore store an internal server URL, and the FastGPT backend workflow runner would later connect to that saved internal endpoint, potentially exposing sensitive internal resources. The issue is fixed in version 4.14.17.
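As an added illustration of the fix pattern (example code, not FastGPT's own): one private-network check shared by the create/update path and the workflow-runner path, so a URL that was stored before the write-side check existed is still refused when the runner goes to use it. The store, function names and sample URLs below are constructed for the example; the check works on the hostname only and does not resolve DNS.

```javascript
function parseIPv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  const p = m && m.slice(1).map(Number);
  return p && p.every((n) => n <= 255) ? p : null;
}

function isPrivateIPv4([a, b]) {
  return a === 0 || a === 10 || a === 127 ||       // "this" net, RFC 1918 /8, loopback
    (a === 169 && b === 254) ||                     // link-local, incl. cloud metadata
    (a === 172 && b >= 16 && b <= 31) ||            // 172.16.0.0/12
    (a === 192 && b === 168) ||                     // 192.168.0.0/16
    (a === 100 && b >= 64 && b <= 127);             // 100.64.0.0/10 (CGNAT)
}

// Hostname-only check: no DNS resolution, so a public name that resolves to an
// internal address still needs a resolve-then-check at connect time.
function isInternalHost(hostname) {
  const h = hostname.toLowerCase().replace(/^\[|\]$/g, ""); // strip IPv6 brackets
  if (h === "localhost" || h.endsWith(".localhost")) return true;
  const v4 = parseIPv4(h); // WHATWG URL already normalises 2130706433 or 0x7f.1 to dotted form
  if (v4) return isPrivateIPv4(v4);
  if (h === "::1" || h === "::") return true;                               // IPv6 loopback, unspecified
  if (/^f[cd][0-9a-f]{2}:/.test(h) || /^fe[89ab][0-9a-f]:/.test(h)) return true; // ULA, link-local
  const mapped = /^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/.exec(h);      // IPv4-mapped IPv6
  if (mapped) return isPrivateIPv4(mapped.slice(1).flatMap((g) => [parseInt(g, 16) >> 8, parseInt(g, 16) & 255]));
  return false;
}

// Returns the normalised URL or throws. Called on every write AND every use.
function assertPublicHttpUrl(raw) {
  let u;
  try { u = new URL(raw); } catch { throw new Error("invalid URL"); }
  if (u.protocol !== "http:" && u.protocol !== "https:") throw new Error("scheme not allowed");
  if (u.username || u.password) throw new Error("credentials in URL not allowed");
  if (isInternalHost(u.hostname)) throw new Error(`internal host rejected: ${u.hostname}`);
  return u.href;
}

const toolsetStore = new Map(); // hypothetical stand-in for the MCP toolset table
function saveToolsetUrl(id, rawUrl) {            // create/update handler
  toolsetStore.set(id, assertPublicHttpUrl(rawUrl));
  return toolsetStore.get(id);
}

function runToolset(id, fetchImpl) {             // workflow runner
  const stored = toolsetStore.get(id);
  if (stored === undefined) throw new Error("unknown toolset");
  return fetchImpl(assertPublicHttpUrl(stored)); // re-validate; never trust the stored value alone
}
```

Re-validating in `runToolset` is what closes the gap the advisory describes: records written before the create/update check existed are caught at execution time rather than being fetched.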
Affected Version(s)
FastGPT < 4.14.17
