Server-Side Request Forgery Vulnerability in FastGPT by Labring
CVE-2026-61646
What is CVE-2026-61646?
FastGPT is a knowledge-based AI application platform that prior to version 4.15.0-beta5 had a vulnerability allowing an authenticated user to exploit the platform’s shared SSRF guard. This guard only validated the initial request URL, failing to block subsequent redirects made by axios, which follows URL redirects by default. An attacker could leverage this flaw by configuring an HTTP request node to point to a malicious URL, ultimately redirecting to sensitive internal services, cloud metadata, or loopback addresses that would normally be protected. The response body would then be returned to the user, allowing potential exfiltration of sensitive information. This issue has been addressed and fixed in version 4.15.0-beta5.
Affected Version(s)
FastGPT < 4.15.0-beta5
