CVE-2026-26075 Overview
CVE-2026-26075 is a Server-Side Request Forgery (SSRF) vulnerability affecting FastGPT, an AI Agent building platform. The vulnerability exists in FastGPT's web page acquisition nodes and HTTP nodes, both of which make outbound requests from the server to fetch data. Due to insufficient internal network address detection, attackers could potentially abuse these server-side request mechanisms to access internal network resources that should be protected.
Critical Impact
Attackers can exploit insufficient internal network address validation in FastGPT's HTTP nodes to potentially access internal network resources, bypass network segmentation, and reach services not intended to be publicly accessible.
Affected Products
- FastGPT versions prior to 4.14.7
Discovery Timeline
- 2026-02-12 - CVE-2026-26075 published to NVD
- 2026-02-12 - Last updated in NVD database
Technical Details for CVE-2026-26075
Vulnerability Analysis
This vulnerability stems from insufficient validation of user-supplied URLs in FastGPT's server-side request functionality. FastGPT's architecture includes web page acquisition nodes and HTTP nodes designed to fetch external data on behalf of users. These features are essential for AI agent workflows that need to retrieve information from external sources.
The core issue is that these server-side request mechanisms lacked adequate filtering of internal network addresses. When a user submits a URL for the server to fetch, the application should validate that the target address is not within the internal network infrastructure. Without this validation, an attacker can craft requests targeting internal IP ranges (such as 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, or 127.0.0.1) or internal hostnames, effectively using the FastGPT server as a proxy to reach otherwise inaccessible resources.
Root Cause
The root cause is inadequate input validation and sanitization of URLs provided to server-side request mechanisms. The application's HTTP nodes and web page acquisition features did not implement strict checks to prevent requests targeting internal network addresses, cloud metadata endpoints (such as 169.254.169.254), or localhost services. This allowed external attackers to leverage the server's network position to access internal resources.
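The check described above, written out as an added example (not FastGPT's code or its patch): the URL is parsed, the host is resolved with the same resolver the HTTP client would use, and the request is refused if any resolved address is private, loopback, link-local (which covers 169.254.169.254) or otherwise non-public. It also goes one step past the text by treating an IPv4-mapped IPv6 literal as the IPv4 address it carries, and by returning the vetted addresses so the caller can connect to those rather than resolving the name a second time. The `resolver` parameter is an assumption added for testability.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

def is_internal(ip):
    """True for any address a server-side fetcher must never reach: RFC 1918,
    loopback, link-local (incl. 169.254.169.254), reserved, multicast, unspecified."""
    # Judge an IPv4-mapped IPv6 address (::ffff:127.0.0.1) by the IPv4 it carries.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return ip.is_multicast or ip.is_unspecified or not ip.is_global

def resolve_all(host):
    # Same OS resolver the HTTP client uses, so alternative spellings normalize.
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def validate_fetch_url(url, resolver=resolve_all):
    """Return the vetted destination addresses for url, or raise ValueError.
    Connect to one of the returned addresses (Host header taken from the URL) and
    re-run this check on every redirect, so a later DNS answer cannot swap in an
    internal address after validation."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname
    if not host:
        raise ValueError("URL has no host")
    try:
        ipaddress.ip_address(host)          # literal address: nothing to resolve
        candidates = [host]
    except ValueError:
        try:
            candidates = resolver(host)
        except socket.gaierror as exc:
            raise ValueError(f"cannot resolve {host!r}") from exc
    addresses = [ipaddress.ip_address(c) for c in candidates]
    blocked = [str(a) for a in addresses if is_internal(a)]
    if blocked:                              # any internal answer rejects the whole name
        raise ValueError(f"{host!r} resolves to internal address(es): {blocked}")
    return [str(a) for a in addresses]

def is_fetch_allowed(url, resolver=resolve_all):
    """Boolean convenience wrapper around validate_fetch_url."""
    try:
        validate_fetch_url(url, resolver)
        return True
    except ValueError:
        return False
```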
Attack Vector
The attack vector is network-based and requires no authentication or user interaction. An attacker can exploit this vulnerability by:
- Identifying a FastGPT instance with exposed HTTP nodes or web page acquisition functionality
- Crafting requests with URLs pointing to internal network addresses or sensitive internal services
- Submitting these malicious URLs through the vulnerable endpoints
- Receiving responses from internal resources that would otherwise be unreachable from the attacker's position
This SSRF vulnerability could enable attackers to scan internal networks, access cloud metadata services, interact with internal APIs, or exfiltrate sensitive configuration data from services running within the same network as the FastGPT deployment.
Detection Methods for CVE-2026-26075
Indicators of Compromise
- Outbound HTTP requests from FastGPT servers to internal IP ranges (10.x.x.x, 172.16.x.x-172.31.x.x, 192.168.x.x, 127.0.0.1)
- Requests to cloud metadata endpoints such as 169.254.169.254
- Unusual server-side request patterns targeting internal service ports
- HTTP requests to internal hostnames or non-public DNS names originating from FastGPT
Detection Strategies
- Monitor FastGPT server network traffic for connections to internal IP ranges or localhost
- Implement web application firewall (WAF) rules to detect SSRF patterns in request parameters
- Review FastGPT application logs for suspicious URL fetch requests targeting internal resources
- Set up alerts for outbound connections from FastGPT to cloud metadata services
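The indicators and the log-review strategy above, turned into a small triage routine as an added example (not a FastGPT component). It runs over constructed outbound-connection records in an assumed `timestamp src_ip dst_ip dst_port url` format, classifies each destination against the ranges listed in the indicators, and flags any internal destination contacted on several distinct ports, the pattern behind the "internal service ports" indicator.

```python
import ipaddress
from collections import defaultdict

# Constructed outbound-connection records for the FastGPT host (not real logs):
# "<timestamp> <src_ip> <dst_ip> <dst_port> <requested_url>"
SAMPLE_LOG = """\
2026-02-12T10:00:01Z 10.20.0.7 93.184.216.34 443 https://docs.example/page
2026-02-12T10:00:03Z 10.20.0.7 169.254.169.254 80 http://169.254.169.254/
2026-02-12T10:00:04Z 10.20.0.7 10.0.3.12 6379 http://10.0.3.12:6379/
2026-02-12T10:00:05Z 10.20.0.7 10.0.3.12 9200 http://10.0.3.12:9200/
2026-02-12T10:00:06Z 10.20.0.7 10.0.3.12 5432 http://10.0.3.12:5432/
2026-02-12T10:00:07Z 10.20.0.7 127.0.0.1 27017 http://localhost:27017/
"""

METADATA_ENDPOINT = ipaddress.ip_address("169.254.169.254")

def classify_destination(dst):
    """Map a destination address to an indicator category, or None if public."""
    ip = ipaddress.ip_address(dst)
    if ip == METADATA_ENDPOINT:
        return "cloud-metadata"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:            # 10/8, 172.16/12, 192.168/16 and other non-public
        return "private-range"
    return None

def triage(log_text, scan_threshold=3):
    """Return (alerts, scan_suspects): one alert per internal destination, and the
    destinations hit on >= scan_threshold distinct ports (port-scan pattern)."""
    alerts = []
    ports_by_dst = defaultdict(set)
    for line in log_text.splitlines():
        ts, _src, dst, port, url = line.split(maxsplit=4)
        category = classify_destination(dst)
        if category is None:     # public destination: normal fetch, not an alert
            continue
        alerts.append((ts, dst, int(port), category, url))
        ports_by_dst[dst].add(int(port))
    scan_suspects = {dst: sorted(p) for dst, p in ports_by_dst.items()
                     if len(p) >= scan_threshold}
    return alerts, scan_suspects
```

Note the last record: the requested URL names `localhost` while the connection log shows 127.0.0.1, which is why destination addresses rather than hostnames should drive the check.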
Monitoring Recommendations
- Enable detailed logging for all HTTP node and web page acquisition activities in FastGPT
- Implement network segmentation monitoring to detect unauthorized internal network access attempts
- Configure intrusion detection systems (IDS) to flag SSRF attack patterns
- Regularly audit FastGPT request logs for anomalous URL patterns
How to Mitigate CVE-2026-26075
Immediate Actions Required
- Upgrade FastGPT to version 4.14.7 or later immediately
- Implement network-level isolation between FastGPT servers and sensitive internal resources
- Deploy a web application firewall with SSRF protection rules
- Review and restrict outbound network access from FastGPT servers
Patch Information
FastGPT has released version 4.14.7, which includes stricter internal network address detection to prevent SSRF attacks. The patch adds improved URL validation that blocks requests to internal network ranges, localhost, and cloud metadata endpoints.
For detailed patch information, refer to the FastGPT v4.14.7 Release and the GitHub Security Advisory GHSA-g345-7pqp-c395.
Workarounds
- Implement network isolation at the infrastructure level to prevent FastGPT servers from accessing sensitive internal services
- Deploy a forward proxy with URL allowlisting for all outbound HTTP requests from FastGPT
- Use firewall rules to block outbound connections from FastGPT to internal IP ranges and cloud metadata endpoints
- Consider disabling HTTP nodes and web page acquisition features if not required for your deployment
# Example firewall rules to block SSRF attempts (iptables)
# Block outbound connections to private IP ranges from the FastGPT server.
# Note: rules in the OUTPUT chain apply to every process on the host. Scope them
# to the account FastGPT runs as (placeholder user "fastgpt") with
#   -m owner --uid-owner fastgpt
# or apply them inside the container's network namespace; otherwise the loopback
# rule below also cuts off local services the host itself depends on.
iptables -A OUTPUT -d 10.0.0.0/8 -j DROP
iptables -A OUTPUT -d 172.16.0.0/12 -j DROP
iptables -A OUTPUT -d 192.168.0.0/16 -j DROP
iptables -A OUTPUT -d 127.0.0.0/8 -j DROP
iptables -A OUTPUT -d 169.254.169.254 -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.