FastGPT Vulnerability: Cloud Metadata Bypass via URL Encoding (CVE-2026-42345)

A critical vulnerability, CVE-2026-42345, has been identified in FastGPT versions 4.14.11 and prior. The National Vulnerability Database reports that the isInternalAddress() function, intended to block cloud metadata endpoints, can be bypassed. This function relies on fullUrl.startsWith() checks against a hardcoded blocklist, a method easily circumvented using various URL encoding techniques.

Attackers can leverage at least seven distinct URL encoding methods to bypass these checks, allowing access to cloud metadata services. Further compounding the issue, the broader private IP validation (isInternalIPv4/isInternalIPv6) is disabled by default, as CHECK_INTERNAL_IP is set to false. This means that once the initial URL encoding bypass is successful, no further validation prevents access to sensitive metadata endpoints.

This vulnerability, rated High severity with a CVSS score of 7.7, exposes FastGPT instances to potential information disclosure. As of the National Vulnerability Database’s publication, no patches are publicly available. Defenders must understand that this isn’t just a theoretical bypass; it’s a fundamental flaw in how FastGPT attempts to isolate internal resources, making it trivial for an attacker to reach cloud provider APIs.
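
The advisory describes the failing check as a startsWith() comparison of the raw URL string against a hardcoded blocklist. The TypeScript below is an added example, not FastGPT's code from packages/service/common/system/utils.ts: it places a hypothetical prefix check of that kind beside a hardened replacement that percent-decodes the input until it stops changing, parses it with the WHATWG URL parser (which normalises the host), and then classifies the host itself against link-local, loopback and private ranges, unwrapping the IPv4-mapped IPv6 spelling the advisory also names. The function names, the prefix list and all sample URLs are constructed for the example.

```typescript
// Added example, not FastGPT's own code. A hypothetical prefix-based
// blocklist check of the kind the advisory describes, next to a hardened
// replacement. Function names, prefix list and sample URLs are constructed.

// Hypothetical hardcoded blocklist consulted with startsWith().
const METADATA_PREFIXES = [
  "http://169.254.169.254",
  "http://[::ffff:169.254.169.254]",
];

// Weak form: a literal prefix comparison on the raw string. Percent-encoding
// any character of the prefix, such as the "//" separator, defeats it.
function isInternalAddressWeak(fullUrl: string): boolean {
  const lower = fullUrl.toLowerCase();
  return METADATA_PREFIXES.some((prefix) => lower.startsWith(prefix));
}

// Percent-decode repeatedly (bounded) so double- and triple-encoded input is
// reduced to its plain form before any comparison happens.
function fullyDecode(s: string, maxRounds = 5): string {
  let current = s;
  for (let i = 0; i < maxRounds; i++) {
    let next: string;
    try { next = decodeURIComponent(current); } catch { break; }
    if (next === current) break;
    current = next;
  }
  return current;
}

// "This network", RFC 1918, loopback, link-local (169.254/16, which holds
// the metadata address) and CGNAT ranges.
function isInternalIPv4(ip: string): boolean {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return false;
  const a = Number(m[1]), b = Number(m[2]);
  return a === 0 || a === 10 || a === 127 ||
    (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) ||
    (a === 100 && b >= 64 && b <= 127);
}

// Unwrap an IPv4-mapped IPv6 host (::ffff:a.b.c.d, or the ::ffff:xxxx:xxxx
// form the URL parser may serialise it to) into dotted-quad form; null if the
// host is not a mapped address.
function ipv4MappedToV4(host: string): string | null {
  if (!host.startsWith("::ffff:")) return null;
  const tail = host.slice("::ffff:".length);
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(tail)) return tail;
  const hex = /^([0-9a-f]{1,4}):([0-9a-f]{1,4})$/i.exec(tail);
  if (!hex) return null;
  const hi = parseInt(hex[1], 16), lo = parseInt(hex[2], 16);
  return `${hi >> 8}.${hi & 255}.${lo >> 8}.${lo & 255}`;
}

// Loopback, unspecified, link-local and unique-local IPv6.
function isInternalIPv6(host: string): boolean {
  return host === "::1" || host === "::" || host.startsWith("fe80:") ||
    host.startsWith("fc") || host.startsWith("fd");
}

function tryParseUrl(s: string) {
  try { return new URL(s); } catch { return null; }
}

// Hardened form: decode, parse, then classify the host rather than the raw
// string. Unparseable input and non-HTTP schemes are refused. Hostnames that
// are not IP literals would additionally need resolving and a check on the
// resolved addresses, which this example leaves out.
function isInternalAddressHardened(fullUrl: string): boolean {
  const parsed = tryParseUrl(fullyDecode(fullUrl.trim()));
  if (!parsed) return true;
  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") return true;
  let host = parsed.hostname.toLowerCase();
  if (host.startsWith("[") && host.endsWith("]")) {
    host = host.slice(1, -1);
    const mapped = ipv4MappedToV4(host);
    return mapped ? isInternalIPv4(mapped) : isInternalIPv6(host);
  }
  if (host === "localhost") return true;
  return isInternalIPv4(host);
}
```

With these two functions side by side, the plain metadata URL is refused by both, while the double-encoded form the page's Sigma rule looks for (`http:%252f%252f169.254.169.254/...`) passes the prefix check and is refused only by the hardened one, and the bracketed `::ffff:` spelling is refused by the hardened check whichever serialisation the URL parser returns. The hardened check also does not sit behind a feature flag: the advisory notes that CHECK_INTERNAL_IP defaults to false, so a range check that is consulted only when that flag is set adds nothing in a default deployment.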

What This Means For You

  • If your organization uses FastGPT, you are exposed to CVE-2026-42345. This vulnerability allows attackers to access cloud metadata endpoints, potentially leading to credential theft, privilege escalation, or further network compromise within your cloud environment. Immediately assess your FastGPT deployments and evaluate alternative mitigation strategies until an official patch is released. Assume compromise if you are running vulnerable versions.

Detection Rules

The Sigma rule below was auto-generated for this advisory and mapped to MITRE ATT&CK.

title: CVE-2026-42345 - FastGPT Cloud Metadata Bypass via URL Encoding
id: scw-2026-05-08-ai-1
status: experimental
level: high
description: |
  Detects attempts to bypass FastGPT's internal address check by using various forms of URL encoding to reach the cloud metadata service. The `isInternalAddress()` function in FastGPT versions 4.14.11 and prior can be bypassed by encoding the path to the metadata endpoint. This rule specifically looks for common URL-encoded variations of the cloud metadata IP addresses (169.254.169.254 and its IPv6 equivalent) within the request URI.
author: SCW Feed Engine (AI-generated)
date: 2026-05-08
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-42345/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    cs-uri|contains:
      - '%252f%252f169.254.169.254'
      - '%252f%252f169.254.169.254%252f'
      - '%252f%252f[::ffff:169.254.169.254]'
      - '%252f%252f[::ffff:169.254.169.254]%252f'
      - '%25252f%25252f169.254.169.254'
      - '%25252f%25252f169.254.169.254%25252f'
      - '%25252f%25252f[::ffff:169.254.169.254]'
      - '%25252f%25252f[::ffff:169.254.169.254]%25252f'
  condition: selection
falsepositives:
  - Legitimate administrative activity
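
To show what the selection above actually matches, here is an added TypeScript example (not part of the advisory or of the Shimi's Cyber World rule set) that parses a handful of constructed W3C-style webserver log lines, applies the rule's cs-uri|contains list with Sigma's default case-insensitive semantics, and runs a complementary normalising check that percent-decodes the URI before looking for the metadata address. The log format, the /api/fetch?url= endpoint and every log line are constructed for the example.

```typescript
// Added example, not from the advisory or the rule's publisher. Evaluates the
// Sigma selection over constructed W3C extended log lines and compares it
// with a normalising check. Endpoint and log lines are constructed.

// The cs-uri|contains values from the Sigma rule above.
const SIGMA_CS_URI_CONTAINS = [
  "%252f%252f169.254.169.254",
  "%252f%252f169.254.169.254%252f",
  "%252f%252f[::ffff:169.254.169.254]",
  "%252f%252f[::ffff:169.254.169.254]%252f",
  "%25252f%25252f169.254.169.254",
  "%25252f%25252f169.254.169.254%25252f",
  "%25252f%25252f[::ffff:169.254.169.254]",
  "%25252f%25252f[::ffff:169.254.169.254]%25252f",
];

// Constructed log: W3C extended format with a #Fields directive. Client
// addresses are from the documentation ranges 203.0.113.0/24 and
// 198.51.100.0/24; /api/fetch?url= is a placeholder endpoint.
const SAMPLE_LOG = `
#Fields: date time c-ip cs-method cs-uri sc-status
2026-05-09 02:20:11 203.0.113.7 POST /api/fetch?url=http:%252f%252f169.254.169.254%252flatest%252fmeta-data%252f 200
2026-05-09 02:20:12 203.0.113.7 POST /api/fetch?url=http:%25252f%25252f[::ffff:169.254.169.254]%25252flatest 200
2026-05-09 02:21:03 198.51.100.4 GET /api/chat/history?chatId=abc123 200
2026-05-09 02:21:40 198.51.100.4 POST /api/fetch?url=https:%2f%2fexample.com%2fdocs 200
2026-05-09 02:22:05 203.0.113.7 POST /api/fetch?url=http://169.254.169.254/latest/meta-data/ 200
`.trim();

interface LogRecord {
  date: string; time: string; cIp: string; method: string; csUri: string; status: number;
}

// Parse one data line; directive (#) lines and malformed lines yield null.
function parseW3cLine(line: string): LogRecord | null {
  const trimmed = line.trim();
  if (trimmed === "" || trimmed.startsWith("#")) return null;
  const parts = trimmed.split(/\s+/);
  if (parts.length !== 6) return null;
  const [date, time, cIp, method, csUri, status] = parts;
  return { date, time, cIp, method, csUri, status: Number(status) };
}

// Sigma's contains modifier is case-insensitive unless |cased is added.
function matchesSigmaSelection(rec: LogRecord): boolean {
  const uri = rec.csUri.toLowerCase();
  return SIGMA_CS_URI_CONTAINS.some((needle) => uri.includes(needle.toLowerCase()));
}

// Complementary check: decode until the URI stops changing (bounded), then
// look for the metadata address in either its IPv4 or IPv4-mapped spelling.
function matchesNormalised(rec: LogRecord): boolean {
  let uri = rec.csUri;
  for (let i = 0; i < 5; i++) {
    let next: string;
    try { next = decodeURIComponent(uri); } catch { break; }
    if (next === uri) break;
    uri = next;
  }
  return uri.toLowerCase().includes("169.254.169.254");
}

// Returns "time client-ip" keys for the records each check fires on.
function runDetection(log: string): { sigma: string[]; normalised: string[] } {
  const sigma: string[] = [];
  const normalised: string[] = [];
  for (const line of log.split("\n")) {
    const rec = parseW3cLine(line);
    if (!rec) continue;
    const key = `${rec.time} ${rec.cIp}`;
    if (matchesSigmaSelection(rec)) sigma.push(key);
    if (matchesNormalised(rec)) normalised.push(key);
  }
  return { sigma, normalised };
}
```

The first two requests fire on the literal list (double- and triple-encoded separators, including the bracketed `::ffff:` form), the chat-history and example.com requests fire on neither, and the final request, which carries the metadata address without any encoding, is flagged only by the normalising check. That reflects the rule's stated scope (encoded variants of the metadata address in the request URI); a broader hunt for any request that references the metadata address needs to decode the URI first, as the second check does.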

Source: Shimi's Cyber World

Indicators of Compromise

ID | Type | Indicator
CVE-2026-42345 | SSRF | FastGPT versions 4.14.11 and prior
CVE-2026-42345 | SSRF | Bypass of isInternalAddress() function in packages/service/common/system/utils.ts
CVE-2026-42345 | Misconfiguration | CHECK_INTERNAL_IP defaults to false, disabling private IP checks

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 09, 2026 at 02:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
